IT Setup Advice
- Thread starter Pross
- Start date
Page may contain affiliate links. Please see terms for details.
Alex321
Guru
- Location
- South Wales
If yo can't see that, then they really shouldn't allow you to do it, no matter how trusted an individual you are, because if you can't see how it is less secure, you are unlikely to be taking sufficient steps to mitigate it.
OP
OP
Pross
Veteran
Explain then. The only difference is the hardware and I’d be using anti-virus, VPN etc. Based on places I’ve worked in the past I take more precautions working from home than they do in the office. These aren’t big companies with IT departments, I don’t think we’ve even used VPNs in places I’ve worked previously.
OP
OP
Pross
Veteran
I’m not sure what they do here but that’s what my current and previous small companies have done. I’d be more than happy for them to add any security software that deem necessary too. I’m just as keen on keeping my own data safe as I am my work data after all and don’t do anything intentionally dodgy.
bikingdad90
Guru
@Pross there are loads of things to consider security wise:
Does your home internet have a firewall to try to protect against access as the router?
Will you keep your laptop up to date with regular updates including security updates to the BIOS?
If your laptop was stolen, can you block access to the content/account remotely?
What is your password arrangements, are you using Multifactor Authentication?
Will there be good quality antivirus, malware and live monitoring software installed?
Entry to systems goes beyond malicious emails these days and I would encourage your firm to look at cybersecurity essentials and even plus.
Does your home internet have a firewall to try to protect against access as the router?
Will you keep your laptop up to date with regular updates including security updates to the BIOS?
If your laptop was stolen, can you block access to the content/account remotely?
What is your password arrangements, are you using Multifactor Authentication?
Will there be good quality antivirus, malware and live monitoring software installed?
Entry to systems goes beyond malicious emails these days and I would encourage your firm to look at cybersecurity essentials and even plus.
Dogtrousers
Lefty tighty. Get it righty.
Just keep them strictly separate is my advice. Best for you and best for your employer.
That may be the policy of your new employer anyway as suggested above. Its just the best way. Same applies to mobile phones.
My other advice is - if they are similar looking grey laptops - put a sticker or something on one of them. You don't want to get into the office, sit down, get your laptop out and realise you've brought the wrong one. Not that I've ever done that
That may be the policy of your new employer anyway as suggested above. Its just the best way. Same applies to mobile phones.
My other advice is - if they are similar looking grey laptops - put a sticker or something on one of them. You don't want to get into the office, sit down, get your laptop out and realise you've brought the wrong one. Not that I've ever done that
Dogtrousers
Lefty tighty. Get it righty.
Panniers FTW.
If you request two laptops because you don't want to transport a laptop to/from the office then expect a lot of eye-rolling from your employer. Portability is the whole point of laptops.
In addition to what @bikingdad90 said:
Is your OS patched up to date with 100% of all critical patches within 14 days of release (Cyber Essentials Plus requirement)? Can you evidence that from patching logs? Are your wifi drivers similarly patched? Your bluetooth drivers? Your AV definitions? Your laptop BIOS?
Does your normal windows account have superuser/admin credentials, i.e can you install any software or change key settings without putting in your admin password? Is your admin account separate from your normal windows account? Do you have MFA on both?
Is your VPN software approved? Is it locked down to only connect to the company's endpoint?
If there any software on your laptop that isn't approved by your employer? Will you allow your employer to audit all your files and all your software licences are valid? Are you willing to give your employer remote access to your personal laptop to do that? As you can see there's a whole raft of implications.
Dogtrousers
Lefty tighty. Get it righty.
Good point about admin accounts @Dadam. I remember a bit over 20 years ago, when things were much more relaxed, the company I was working for revoked admin rights for ordinary users. (possibly in the wake of the lovsan virus) There was uproar. "What do you mean I can't install random software I downloaded from an official looking website. That's outrageous!" 
I have in the past tottered round with a rucksack containing three laptops. One my employer's and one each for different clients. No room in the bag for my own laptop.
I have in the past tottered round with a rucksack containing three laptops. One my employer's and one each for different clients. No room in the bag for my own laptop.
sungod
Senior Member
sadly, this is why smaller/less prepared companies can be driven out of business by cyberattack, for instance https://www.bbc.co.uk/news/articles/cx2gx28815wo
it needn't be organized crime/state attacks, just some bored kids who think it'll earn them cred with their peers, and there's now the threat from ai-powered tools scanning across the internet for vulnerabilities and attacking on discovery, no human intervention required
i.e. most attacks are not even targeted, just drive-by/target of opportunity, scanning is relentless
there are zero-day exploits discovered regularly across pretty much every platform, including vpn equipment, anti-virus is old hat, hackers will stroll right past it
if you can gain vpn access with no more than username and password, that's insecure, at minimum there should be two-factor authentication
it just takes one mistake/vulnerability to allow an attacker to gain access, move laterally, and then things get very bad, very fast, maybe the company goes under
PhotoNic69
Über Member
- Location
- Maximum Security Twilight Home..
I am/was in a similar situation.
Where I work we were/are allowed to install MS Office (pre365) on up to 5 devices including home/personal devices. This was handy as myself, wife, kid could use it at home for day to day stuff. It was all tickety-boo until 365 came out. Now all my calendar entries and some work emails goes to my wife's PC, even though she has a separate MS login from myself! I've tried and tried to sort this out but once you have an MS account with your name linked to it then MS decides that your name is the identifier and it doesn't matter if you use a different email address to login, it decides that both accounts are one and the same! It just sees the other email as a 'recovery email'. It doesn't help that the original MS key was from a slightly dubious source (did when her machine blew up and had a new MoBo). Our IT can't/won't help as they say it is my issue and not a work thing. The only way I can see to separate accounts is to change my name by deed poll and I'm not doing that!!
It seems that we are now stuck in Schrodinger's Office, along with a box, parcel tape and maybe or maybe not a cat named Microsoft.
Over Christmas I'm going to rebuild the wife's machine with a new SSD, a fresh install of Windows with a new Key and her own subscription to MS365. It's the only way I can see we can fix this!
I now only use my own PC for my home stuff, except if I want to check an email that I can't do on my phone, and that is through the web based 365. When I WFH I use my work laptop only.
BTW this is my new work laptop for image processing, Lightroom, Photoshop, PhotoMechanic etc. Its fantastically quick but I would not exactly describe it as portable! It's a big old slab!
https://psref.lenovo.com/Detail/ThinkPad_P16_Gen_2?M=21FA0005UK
Alex321
Guru
- Location
- South Wales
Only just come back to this, and others have largely explained.
What other comanies may have done is completely irtrelevant. They may have been laying themselves open to all sorts of problems.
If it is your computer and not theirs, they have no control over what you may install, over the quality of your anti-virus, what you do when not using their VPN, etc. That, from their POV, makes it inherently less secure, no matter how secure you personally know it is.
Incidentally, I live 15 miles from my office, normally work two days in the office and one from home each week, and commute by bike with my work laptop in a rucksack on my back. I do have an additional monitor, keyboard and mouse which stay at home so it is only the laptop itself which needs transporting. I really don't find it much of an issue carrying it, I'd need the rucksack for my work clothes and towel anyhow, the extra weight of the laptop isn't that noticeable.
OP
OP
Pross
Veteran
I would say yes to all of those, I take protecting my own data very seriously and would say I'm more rigorous than any of the companies I've worked for in the past 25 years bar the one large company I was at briefly. I think most of the responses so far don't understand the setup in many small businesses where the MD is also the HR department, IT department, admin department and CFO. That said, my new boss definitely seems a lot more savvy than my previous employers on IT security - I currently have full access to everything on my machine, not only am I able to download and install any software I feel I need I am actually expected to do that with all my work software.
OP
OP
Pross
Veteran
I don't disagree with this, as I said above my own security is far higher than it has been at the places I've worked in the last 25 years that have (other than an 18 months) all had fewer than 50 employees. My current company has just 3 and the one I'm moving to less than 10. They all outsource their IT but there is also a culture of expecting you to sort out anything you can without using them to save on cost but the costs associated with a breach will be far more extensive and I doubt any insurances would pay out if they can argue there was a lack of security.
OP
OP
Pross
Veteran
I was looking at the Dell Alienware 16X Aurora. Not sure what my new employer ordered me in the end but I suggested the Alienware there as it offered better value than a similarly (slightly lesser) specced Workstation laptop albeit with a bit of a weight penalty as it is over 2kg.
