Sexual Harassment/Cybersecurity

I am posting this in an attempt to assist a friend who is a male employee (I will refer to him as “George” for the remainder of this post). George worked on a regular basis with an individual, who happens to be a female (I will refer to her as “Sue” for the remainder of this post), providing support services to Sue and the company she works with. Sue confided in George (via cellphone) information regarding inappropriate behavior, sexual in nature, from a male manager (I will refer to him as “Charlie” for the remainder of this post) that it made Sue, and other female co-workers, extremely uncomfortable; so much so that some have requested never to put in a one-on-one situation with this Charlie. Charlie holds a high position in a company that works closely with George and though Charlie is not Georges manager, the way the companies function Charlie could hold sway over Georges manager/department head. Shortly after Sue’s conversation with George it was brought to George’s attention that Charlie was aware that information regarding Charlie allegedly behaving inappropriately toward females had been shared with George. Within a few weeks George and his wife noticed odd behavior out of Georges’ cellphone; one provided by his employer which was already 2 to 3 models old and had known security flaws. George became suspicious that the cellphone had been compromised. Within two months an email was sent to multiple employees referencing various network/firewall security flaws (ports that should not have been open on the company’s firewall). An application that George is responsible for utilizes the companies firewall and some of these open ports, which should have never been open, created a vulnerability to a very critical application that falls under George responsibility. Although George did not have access to modify the companies firewall, he explained these ports were unnecessary for his application to function and should not be open and that the firewall administrator should close the ports ASAP. Within 2 weeks, of the email correspondence, the nonessential ports/application was under attack. Since this all occurred during the Christmas/New Year Holidays, the firewall administrator was off on vacation and holidays. George was also off, some vacation and some company provided holidays, but worked most of this time to attempt to determine a way to track and prohibit the attack. Since the application George was responsible for is a Public Safety application one which is very important for Police and Fire, George felt obligated to find a solution, until the firewall ports were closed, and to determine any additional safeguard(s) to guard against any future attacks. Even though George was aware of many other security issues (i.e. multiple ransomware attacks, etc.), and had expressed many concerns in the past regarding shoddy security measures he decided to bring up the possibility that his outdated company provided cellphone had been breached. George thought that someone may had read his email, on his phone regarding the open ports. George tried to express any and all possibilities he could think of, other than mentioning what Sue had confided in him. He even mentioned odd behavior around his home hoping it would assist the company’s security team, wanting to be completely open especially since he and members on the Public Safety team provided afterhours support, etc.…. George was placed on administrative leave with pay and was told he was not being punished, he did nothing wrong. He had also gave his cellphone back to the employer, as requested, and hoped they could verify if the phone had been compromised, create a forensic image, and catch the person responsible, but George never received a response as to whether or not his phone had been compromised and when he asked, George was told do not contact them again about his work cellphone or the application attack. Later George was told that a company policy change was made, one which his manager new he could not comply with as it was completely against his hiring letter, and to date, Georges director submitted paperwork to have George separated from the company. In addition, one of Georges HR contacts recently accidentally sent an email to Georges personal email address, referencing George (providing his real first and last name) as a primary contact in another sexual harassment lawsuit. This email also named the other 3 females that filed a sexual harassment lawsuit against another manager.

Does anyone have a recommendation as to how George should move forward or who he should contact? His manager/Director, has expressed no interest in listening and has went out of his way to create an adverse work environment by cutting off his access and not even permitting an out-office response be added to Georges company email even prior to his manager submitting separation paperwork.