My work provides me with a laptop, 15" MacBook Pro, that I take home every day. I usually don't work from home so it pretty much stays in the work bag when I take it home unless I get a call that I have to take care of. I also have a separate personal laptop, 13" MacBook Pro, that I use and it's getting fairly long in the tooth at about 4 years old, but has an SSD in it so it's doing OK, but not great. I'm due for a new work laptop since policy is that we get new ones about every 3 years. I was also thinking about getting a new personal laptop this year and then giving my current one to my girlfriend who has a white Macbook from 2006 and is in desperate need for a newer laptop.
I thought about all of this and I could save a bit of money but just using my work laptop as my only laptop, not get a new personal laptop, and then give her mine. However, I'm very big on work is work and home is home and I would be concerned about mixing the two.
I'm just trying to figure out what other professionals around here do and what are the pros and cons of what you do regarding laptops.
Thanks.
I thought about all of this and I could save a bit of money but just using my work laptop as my only laptop, not get a new personal laptop, and then give her mine. However, I'm very big on work is work and home is home and I would be concerned about mixing the two.
I'm just trying to figure out what other professionals around here do and what are the pros and cons of what you do regarding laptops.
Thanks.
Don't mix business and work on the same laptop if you can avoid it, particularly a laptop provided by your employer. Even if your employer allows such use you are best to avoid it.
I thought about all of this and I could save a bit of money but just using my work laptop as my only laptop, not get a new personal laptop, and then give her mine. However, I'm very big on work is work and home is home and I would be concerned about mixing the two.
I'm just trying to figure out what other professionals around here do and what are the pros and cons of what you do regarding laptops.
Thanks.
Don't mix business and work on the same laptop if you can avoid it, particularly a laptop provided by your employer. Even if your employer allows such use you are best to avoid it.
This pretty much says it all.
Story from a friend of mine. This friend foolishly put a bunch of personal stuff on his work laptop. More accurately, he had almost all of his personal stuff on the laptop. Taxes, family photos, the works. Then the guy gets laid off in 2008, on short notice, and they confiscate the laptop before escorting him from the building. No chance to get his stuff off the laptop. He did manage to let him come in and get his personal stuff off, weeks later. He said he wasn't allowed to touch the computer: a security dude copied stuff off for him after looking at everything to make sure it wasn't company IP. He was probably lucky they even let him do that.
That system that you describe was SOP in the time that I worked in infosec: if you got fired or laid off during your tenure with the company, you could request data from specific folders off your network drive [there was no saving information to areas on the PC outside your My Documents folder for non-admins, and no one was given admin privileges except on rare occasions], but ITSec would need to review the request and scan the requested files to make sure that there was no company IP in any of them. This process could commonly take months, and always took at least weeks.
That's a silly oversimplification of reality. Do you never bring up youtube or amazon or a webcomic on your work laptop? Or browse Ars? If so, you're just weird. In addition, if you use anything like firefox sync, that's going to show up in the history anyway so might as well embrace it [side note, if you do this, make sure you don't surf any sites you don't want showing up in the the history of your work laptop - like porn*, or job searches].
I happen to do a lot of non-work related things on my work laptop. If I'm on a road trip I'm not hauling two machines. I also have an expectation to use my personal cell phone for work, so I don't mind returning the favor. I just don't do things that will get me in trouble, nor do I put my only copy of personal files on the laptop - I have a copy of my mp3s for road trips and some photos I've been editing, but it's not the only location where that stuff is.
I wouldn't give up my personal equipment, either. If I got laid off tomorrow, or even just dropped my work laptop, I'd be so fucked. But because of the personal PC I have all my shit, and a backup for work [I work from home, probably more important to me than others]. Where it has helped, is my home PC is now 7 years old. All I do is play games and surf the web, and it works "good enough" for those so that's probably two PC upgrades I saved on.
* Infosec is funny sometimes. Thank god for incognito modes, not that you should rely on them, or my history would look really bad while testing out how safesearch changes affect Fortigates. FYI, Fortigate users can now surf porn, one thumbnail at a time!
Frennzy, you just got molo'ed. You should know better
I have a small personal slate tethered to my iphone attached to a KVM switch at work which I can access for any personal stuff if I need to. Work laptop is just work. When my Mom died I used the scanner at work to scan in some of the estate stuff to my personal folders which falls into the deminmus category of use as would checking your personal email, ordering something from Amazon, etc. We've had users busted for using their work computers to run an eBay business. At my wife's work they recently announced that the top bandwidth use by website was...Netflixs
I lug my work laptop home daily and most evening and weekends it is on for a few hours so I can cover the West coast or attorneys who are working evening or weekends [I can VPN from my personal laptop, but then I lack a bunch of apps that are only installed locally on the laptop]. Work Blackberry is always on [though if you email me after 8 pm your SOL until morning]. My wife uses our old T40P to connect to her desktop at work when she teleworks.
Actually, there is a *very* strong security argument in *favor* of BYOPC. With any of the myriad of VDI environments out there, I can begin to shrink my entire enforcement boundary to only data of concern, and let everything else be "zero trust" networks. Instead of maintaining, for example, my current 150+ enforcement points, I could shrink it to a couple dozen at global DCs. That saves me hundreds of thousands of dollars in annual maintenance, and millions in terms of CapEx.
Now, I can also add in a measure of NAC to at least identify wildly non-compliant systems, and provide them with simply redirects to mitigation sites, but without actually promising anything beyond that very basic support. Add in some other intelligent IDS/IPS, and you can start to block a lot of malicious traffic without ever really impacting much else.
How do you protect against screen scrapers, keyloggers, and unauthorized personnel on client machines?
For the first two, you have to rely on NAC doing basic policy/compliance checking. For the latter, you have authentication at the VDI layer. For highly sensitive access [say, code/IP] you can use MFA and/or machine certs.
One of my author friends got caught in this trap. He used to be a PM for technical writers at a software company in the early 2000s. Being the paranoid sort [after a laptop died on him years earlier], he backed up some of his personal files wherever he had space: his web site, on a friend's PC, on a CD-ROM in a safe, and on his work laptop. His backups included a lot of his personal writing, zipped up and password protected. He quit the job in 2005 or so, and got another job. When his next book came out a year later, he got a strange C&D order that said his current work [a fantasy/sci-fi work] was property of his previous employer, and he had no rights to it.
The company cited a signed security document that he signed when he started saying "any and all work written while employed at the company is the sole copyright of the company." This company wrote manuals for software developers, not fantasy fiction. They said they had a copy of this work in their own archives as proof. So the writer hired a lawyer, and the publisher had to withdraw the work while the litigation continued. He told me his lawyer considered this a desperate act by a desperate company, and the company stalled, hoping the author would settle out of court.
LUCKILY, the company went out of business, and the lawsuit was abandoned. Eventually the work was re-released under a different title in 2010. Only a FEW of us have been told why.
The company cited a signed security document that he signed when he started saying "any and all work written while employed at the company is the sole copyright of the company." This company wrote manuals for software developers, not fantasy fiction. They said they had a copy of this work in their own archives as proof. So the writer hired a lawyer, and the publisher had to withdraw the work while the litigation continued. He told me his lawyer considered this a desperate act by a desperate company, and the company stalled, hoping the author would settle out of court.
LUCKILY, the company went out of business, and the lawsuit was abandoned. Eventually the work was re-released under a different title in 2010. Only a FEW of us have been told why.
I was going to ask if this guy was a member of a certain group, because I know a fantasy author who also did tech writing for Microsoft. Obviously, Microsoft has not gone out of business so it's probably not the same person.
Just to chime in a few things.
Even if you're using TrueCrypt, the files may still be backed up on the corporate network since it's doing real time searching. Meaning that if the TrueCrypt volume is mounted and readable by you, then the system can also read it and back it up. For most clients you can adjust the setting to disable backup of all drives, depending on how lax your IT policy is. This was from working with Iron Mountain cloud backup but others may vary.
On the subject of mixing personal on a work laptop. Personally, I alway tell people that the laptop is company property and you should be aware of two things, everything you do is monitored [even as far as keystrokes] and at any time your access can be revoked. I've seen some people using their work laptop as their primary personal laptop [company I work for is very generous with their laptop allowance]. I somewhat cringe at this behavior since it's really assuming that if you have a problem at work, even if you leave on your own, IT will allow you to backup everything.
On my work laptop, I use this for work but also I have my personal Dropbox connected as I use folders there for work and personal data. Often I would use this as a "semi-VPN" where I could work on a script at home, where I don't need VPN access, then Monday can continue the work on my corporate laptop. My Dropbox also contains my personal data but the most secure data is password protected within Dropbox. For my personal USB drive that I bring in to backup my work laptop, it's a TrueCrypt volume for protection if I'm dismissed while backing up or if I lost it.
Another thing is I make sure that I don't visit any sites that are questionable. I stay away from sites like Reddit [even thought they have great info there] since it could be flagged as porn or adult. Last thing you need is a review with "...and we found unusual Internet usage on your laptop...".
When I worked as a contractor, things were a little different. I mounted my Dropbox on a USB flash drive using a TrueCrypt volume. If things got bad, they locked out my access, just pull the flash drive and walk out.
I helped a client with their Windows 7 conversion, and as part of their process they remotely backed up each machine prior. After the notification email went out, I got a call from a user who wanted to make sure "all my TurboTax and iTunes stuff will still be there after."
I escalated the hell out of that, and after much hand-wringing, it was decided that as a valued 30-something year employee, she was grandfathered into some decision some manager 25 years ago told her it was OK to use her work PC for personal stuff.
So, there is now a backup tape somewhere with all her most personal information on it. And before it went to offsite storage, the Win7 team kept a backup for 60 days, on an archive to which probably dozens of people had access. I tried to nicely convince her to spend a few bucks on a 8 GB flash drive and back it up there, but she wanted nothing to do with it since it was "IT's problem, not mine."
Regardless of whether or not you are *permitted* to do something, doesn't mean you should.
I escalated the hell out of that, and after much hand-wringing, it was decided that as a valued 30-something year employee, she was grandfathered into some decision some manager 25 years ago told her it was OK to use her work PC for personal stuff.
So, there is now a backup tape somewhere with all her most personal information on it. And before it went to offsite storage, the Win7 team kept a backup for 60 days, on an archive to which probably dozens of people had access. I tried to nicely convince her to spend a few bucks on a 8 GB flash drive and back it up there, but she wanted nothing to do with it since it was "IT's problem, not mine."
Regardless of whether or not you are *permitted* to do something, doesn't mean you should.
Eh, just hand her a release of liability form to sign, with an acknowledgement that she understands anyone can access her info at any time.