Separate work environment from personal

In our company we have 14 apps. They are checking for email links, whom we are sending, online sharing platforms, code checking, inventory checking (even portable apps and browser extensions), all network communications, devices attached to the laptop, several compliance checks, and list goes on.

Humans are the weakest link. Apps are there to minimize that risk.

Thank you for sharing your company’s practices, it appears you are a member of a corporate entity that is responsible for the security of its structure and data. It is useful to take note and perhaps our topic starter will understand how deep the rabbit hole can go.

Maybe for starters OP and others who want to learn more about business environments can get a M365 tenant, like M365 Business Premium or M365 E5 Developer and then begin tinkering with it?

How? How can you track internet traffic content without deeply affecting the user experience? If you can’t, employees can simply upload the files to their online drive.

@fria: its NOT amount of apps that matters here. I agree :slight_smile:
@pinkandwhite: exactly :slight_smile:

Uh, quite easily?? Decryption and forcing all traffic through a VPN to the corpo network if you have full control over the endpoint would only break a very small number of things that use cert pinning (such as internet banking, which employees should not be doing on a work computer regardless), and EDR tools can hook the browser and track what sites are being visited without decryption being needed.

1 Like

I can encrypt the files before uploading them. I can also disconnect the VPN and use my own network. Besides, all the methods you described can only track data leaks; they cannot prevent them.

What does force mean? It was a very deliberate choice of wording.

Block the most popular cloud storage options and you thwart anyone who isn’t dedicated enough to spin up their own server (though you can even make that annoying for less-dedicated leakers by just leaving a default feature of e.g., Palo Alto firewalls enabled)

It’s quite evident you haven’t worked in a corporate environment where they actually take things seriously, besides you just moving the goalposts consistently.

1 Like

If you have a proper IT team, they will put restrictions on your business laptop. This includes blocking all traffic outside VPN. They can even force this on Safe Mode. So, you can’t just disable VPN and expect internet to work :slight_smile:

Also, if you get local admin credentials and thinking about uninstalling VPN and other software, don’t. Usually even logging out is disabled on such software and need additional credentials from the security / IT team to do that, and such actions are reported immediately.

Another thing, if you think that you can escape it by formatting your drives and reinstalling Windows, that won’t work either. This can be easily prevented by Autopilot. There are also solutions for Linux based systems, in case of you are wondering to bypass this by installing Linux on the machine.

2 Likes

They can also track the location of your work machine a lot of the time. So don’t take it anywhere you don’t want them to know about.

1 Like

I would be pretty suspicious about any work from home job that didn’t offer a computer, about whether you are getting scammed, getting roped unknowingly into a scam or getting ripped off…unless you were a contractor of some kind.

I would buy a used older machine off eBay like a Lenovo and use that for work, if the company can’t be bothered to send you a computer then they can deal with the risks of you using an $50 ebay machine

1 Like

Again, you can simply encrypt the data before uploading it. This doesn’t require any admin privileges. Additionally, what you described is no longer easy. It requires a professional team to maintain the infrastructure and support all issues experienced by employees, which can be expensive for small to mid-cap companies.

If you are a consumer, you can do whatever you want. If you are part of an organization and care about data security, you need to take precautions and apply proper security measures.

Of course, you should take precautions when possible. However, hiring a professional security team can be very expensive for many companies, and you don’t want to negatively impact your employees’ work efficiency too much.