If Work From Home becomes a thing...

Mrs OBumble · 26-05-2020 6:17pm

Interested Observer wrote: »

Maybe you can explain. I have a work phone and a work laptop, and a personal phone and a personal PC&Laptop. I do all my work on the work devices, in fact I'd get in serious trouble if I did any work on a non-work computer.

How will my employer see anything on the personal devices?

Some employers are requesting to put tools on your personal devices to ensure that they are not used for work.

Some want to put cctv into your working area.

Etc.

And provided you consent, it's not a GDPR issue.

Biker79 · 26-05-2020 6:21pm

KyussB wrote: »

You control network access to prevent data breaches - you don't spy on everything your employees do at home.

Invading the privacy of people in their own home, on their own devices - is the opposite of upholding the GDPR - it's a breach of privacy.

Everyone reading this should be recognizing that - along with employers making you all contractors who have to purchase your own equipment to work from home - there are now at least half a dozen posters justifying putting spyware on your home devices, to literally keep an eye on you in your own home...

This is very quickly becoming the new normal - there is very little time to pushback against it.

You will never regain that privacy again, once this becomes the norm. Anyone with network access to your home devices - has full access to your home network, and can trivially access all your home devices - unless you happen to be a network engineer, smart enough to secure off everything yourself.

Respectfully, you don't seem to understand how remote access systems work, or what organisations IT concerns are.

WFH as a possible cost reduction/ job devaluation exercise, is a different thing altogether. On that, I would agree with your concerns.

But I'm guessing from noises the government have made in recent days, that WFH will be supported by proper legislation soon enough.

Ballso · 26-05-2020 6:45pm

ELM327 wrote: »

No one is going to be using personal devices for work

Really? BYOD has been a thing for ages. Companies don't care what device you use to access their systems in my experience.

iQuestion · 26-05-2020 6:49pm

MOH wrote: »

If all their staff are working remotely anyway, why wouldn't companies just outsource your job to countries with a cheaper workforce, instead of funding your 3 homes?

Most of multinational companies have local staff quotas agreements with the Irish government.

26-05-2020 6:55pm

iQuestion wrote: »

Most of multinational companies have local staff quotas agreements with the Irish government.

The government is certainly very rigorous now in ensuring the materiality of onshore operations after the farce of all the ‘brass plate’ companies in the IFSC that led up to the financial crisis. I’ve direct experience of both the central bank and tax authorities being all over this in my MNC

Just4This · 26-05-2020 7:02pm

KyussB wrote: »

You control network access to prevent data breaches - you don't spy on everything your employees do at home.

Invading the privacy of people in their own home, on their own devices - is the opposite of upholding the GDPR - it's a breach of privacy.

Everyone reading this should be recognizing that - along with employers making you all contractors who have to purchase your own equipment to work from home - there are now at least half a dozen posters justifying putting spyware on your home devices, to literally keep an eye on you in your own home...

This is very quickly becoming the new normal - there is very little time to pushback against it.

You will never regain that privacy again, once this becomes the norm. Anyone with network access to your home devices - has full access to your home network, and can trivially access all your home devices - unless you happen to be a network engineer, smart enough to secure off everything yourself.

To answer some of your points from someone who works in this field. This is not a personal dig. Just to give you a viewpoint from the other side:

You control network access to prevent data breaches - you don't spy on everything your employees do at home. ==> Network monitoring is only PART of the solution. 80% of data breaches are internal and 90% of this 80% is unintentional by someone installing a cracked product they have downloaded with embedded keyloggers/trojans/whatever or some attachment they opened or various other methods unaware to the user. Must companies would have a strict policy on what can be installed on a device that connects to their network: It must have certain Anti-virus packages, nut have various forms of encryption, must NOT contain certain applications. If a device does not comply then it should be blocked from accessing the network. The greatest threat to a computer network is 1 foot from a keyboard. It is much easier to KEEP someone out that GET someone out.
Invading the privacy of people in their own home, on their own devices - is the opposite of upholding the GDPR - it's a breach of privacy. ==> You twist this to your own misunderstanding. This absolutely IS a GDPR issue. Do you seriously think a corporation is more interested in looking for files labeled "My secret porn stash" or are they looking for documents containing security/confidential tags that a person should not have access to? Do you not think they should know if these files were being transferred over a mail service they do not manage like any webmail or social media outlets. Companies are not interested in what you have on your personal computer. They are interested in what you SHOULDN'T have of theirs on your computer.

Some companies allow BYOD (Bring Your Own Device). If this is the case then of course this personal device should comply with corporate security standards. Breaches occur at the weakest link.

I do believe that a company should provide remote work hardware (laptop/desktop/tablet/phone/whatever). But some people prefer using their own device: Leaving their work machine in the office and using a personal device at home. So this MUST be secure. That means being able to check hard drives for known signatures, checking ports on your machine and even blocking known malicious sites. If a person does not want this then a person does not need to work from home or use their own device.

I do not agree with "If you've got nothing to hide what's the problem?". I am just as concerned about people's privacy as anyone else. First and Foremost: A company only wants to protect itself and that's where these tools come in. Secondly: See First and Foremost. A fundamental of network communication is called the OSI Model: A 7 layer conception of telecommunication. There is a phrase: There is no protection for Layer 8 (The human level).

It's interesting how people have such a problem with this and yet have no proplem with the data that Google and Apple have (Your phone knows how long it takes you to get to work..... Did you enter your work details? Chances are, no). Or tracking cookies on your browser or using Alexa in your bedroom and sittingroom to turn on and off lights.

A company doesn't care about what what's on your computer... It cares about THEIR stuff on your computer and it wants and needs to do everything to protect that info. How many times have there been data breaches because someone didn't update their anti-virus or disabled antivirus because it was slowing their personal machines? You read about it in the papers and think: "What a joke!!!" Or they've taken home a file to work on at home? So they mail it to their gmail account which uses the same credentials as their yahoo account which was breached years ago.

In short: They don't care about our ****.... They care about THEIR ****

Rodney Bathgate · 26-05-2020 7:08pm

Ballso wrote: »

Really? BYOD has been a thing for ages. Companies don't care what device you use to access their systems in my experience.

Some do, some don’t. To say ‘companies don’t care’ is inaccurate.

snoopboggybog · 26-05-2020 7:16pm

KyussB wrote: »

You control network access to prevent data breaches - you don't spy on everything your employees do at home.

Invading the privacy of people in their own home, on their own devices - is the opposite of upholding the GDPR - it's a breach of privacy.

Everyone reading this should be recognizing that - along with employers making you all contractors who have to purchase your own equipment to work from home - there are now at least half a dozen posters justifying putting spyware on your home devices, to literally keep an eye on you in your own home...

This is very quickly becoming the new normal - there is very little time to pushback against it.

You will never regain that privacy again, once this becomes the norm. Anyone with network access to your home devices - has full access to your home network, and can trivially access all your home devices - unless you happen to be a network engineer, smart enough to secure off everything yourself.

I work in IT and seriously you don't have a clue of what you are talking about.

There are solutions available for users to work off their own personal laptops which are not intrusive on their home computer in any what way, shape or form and are fully secure and correspond to GDPR compliance. One example would be Citrix. You cannot copy any company data off what you login into to your own personal device. We can monitor Citrix from our end. The company can disable your access in a second.

Then the most common method is the company gives you a laptop which is encrypted connected to their backend systems using a VPN. Your access to systems is generally based around your AD account which can be disabled in a second.

Ballso · 26-05-2020 7:24pm

Rodney Bathgate wrote: »

Some do, some don’t. To say ‘companies don’t care’ is inaccurate.

It's not inaccurate, I do a lot of work in the banking sector and access systems remotely every day. They are all Citrix VDI on any device you like.

TheIrishGrover · 26-05-2020 7:28pm

KyussB wrote: »

You control network access to prevent data breaches - you don't spy on everything your employees do at home.

Invading the privacy of people in their own home, on their own devices - is the opposite of upholding the GDPR - it's a breach of privacy.

Everyone reading this should be recognizing that - along with employers making you all contractors who have to purchase your own equipment to work from home - there are now at least half a dozen posters justifying putting spyware on your home devices, to literally keep an eye on you in your own home...

This is very quickly becoming the new normal - there is very little time to pushback against it.

You will never regain that privacy again, once this becomes the norm. Anyone with network access to your home devices - has full access to your home network, and can trivially access all your home devices - unless you happen to be a network engineer, smart enough to secure off everything yourself.

I'm sorry but this is just incorrect on so many levels technically and non-technically.

KyussB · 26-05-2020 10:48pm

Interested Observer wrote: »

Maybe you can explain. I have a work phone and a work laptop, and a personal phone and a personal PC&Laptop. I do all my work on the work devices, in fact I'd get in serious trouble if I did any work on a non-work computer.

How will my employer see anything on the personal devices?

You will be a contractor having to fund your own work equipment shortly - your personal devices become your work devices.

Anything that is allowed access to your home network, can trivially access almost everything else on your home network - you give a shithead manager with passable knowledge of network scanning and pen testing, access to a computer on your network, through a VPN that mandatorily installs corporate spyware, and they can snoop on everything, both personal and work. This is going to become formalized soon, with corporate networking tools explicitly for scanning/accessing your home network.

Do you think that is a good idea? (Hint: No - it is fucking Orwellian and incredibly stupid idea - which is about to become the norm)

snoopboggybog · 26-05-2020 10:51pm

KyussB wrote: »

You will be a contractor having to fund your own work equipment shortly - your personal devices become your work devices.

Anything that is allowed access to your home network, can trivially access almost everything else on your home network - you give a shithead manager with passable knowledge of network scanning and pen testing, access to a computer on your network, through a VPN that mandatorily installs corporate spyware, and they can snoop on everything, both personal and work. This is going to become formalized soon, with corporate networking tools explicitly for scanning/accessing your home network.

Do you think that is a good idea? (Hint: No - it is fucking Orwellian and incredibly stupid idea - which is about to become the norm)

How does that work through Citrix? I don't really think you understand how remote access works on personal devices.

KyussB · 26-05-2020 10:52pm

Biker79 wrote: »

Respectfully, you don't seem to understand how remote access systems work, or what organisations IT concerns are.

WFH as a possible cost reduction/ job devaluation exercise, is a different thing altogether. On that, I would agree with your concerns.

But I'm guessing from noises the government have made in recent days, that WFH will be supported by proper legislation soon enough.

I work specifically with networking programming and security - I know my stuff fairly well, thanks. Giving anyone access to your home network like that, let alone your personal devices, is fucking scary and insane.

Rodney Bathgate · 26-05-2020 10:53pm

Ballso wrote: »

It's not inaccurate, I do a lot of work in the banking sector and access systems remotely every day. They are all Citrix VDI on any device you like.

Not every company, so not accurate.

Ballso · 26-05-2020 10:56pm

KyussB wrote: »

I work specifically with networking programming and security - I know my stuff fairly well, thanks. Giving anyone access to your home network like that, let alone your personal devices, is fucking scary and insane.

You're talking through your arse.

snoopboggybog · 26-05-2020 10:59pm

KyussB wrote: »

I work specifically with networking programming and security - I know my stuff fairly well, thanks. Giving anyone access to your home network like that, let alone your personal devices, is fucking scary and insane.

Your talking nonsense, Working from home is not a new thing.

Ballso · 26-05-2020 10:59pm

Rodney Bathgate wrote: »

Not every company, so not accurate.

I didn't say every company, Jesus. BYOD is extremely common in large organisations in my experience.

snoopboggybog · 26-05-2020 11:03pm

Ballso wrote: »

I didn't say every company, Jesus. BYOD is extremely common in large organisations in my experience.

And how are these peoplelogging in? My guess through Citrix or something similar? Or even just a web browser into Azure?

Rodney Bathgate · 26-05-2020 11:07pm

Ballso wrote: »

I didn't say every company, Jesus. BYOD is extremely common in large organisations in my experience.

You said ‘companies don’t care’. I know plenty that do care. Pretty basic logic to figure out that your statement is NOT accurate.

afatbollix · 26-05-2020 11:10pm

Our COO hated WFH before this. Crazy to think that it took a virus to move most companies online.

In the company I work in, We had a lot of specialists from around the world. Most went home to Thailand, Iran, Italy, Poland, India, etc etc.

It's also crazy that I'm getting 50Mbps half a mile from Twickenham stadium whereas where I grew up on the west coast of Ireland I could get 1Gpbs.

For me, Ill look to move out of London, Down the country maybe, Will need a garage/office tho that will be on the list now instead of that extra bedroom.
Also going to work from home for August in the coming years, Spend a week or two in France or Italy all I need to do is work during the day and we can spend the evenings together.

KyussB · 26-05-2020 11:11pm

Just4This wrote: »

*snip to reduce length*

Take all of the logic about corporate networks that you just applied, and reverse it around and apply it to the employee's home network.

Would you let an employee install a spyware tool on your corporate network, able to snoop on anything they like across the whole network, and fuck around with common backdoors/exploits to gain access to other systems? (it's amazing how insecure everyday network-connected household devices are, after all...)

No. No you wouldn't. So I don't see any good reason, why an employee should ever trust a company with access to their home network, with exactly the same degree of risk and problems!

Our personal privacy and data/technical privacy is not up for sale, thanks - people should tell any corporation that wants to gain that level of surveillence over their personal lives and stuff, to fuck off - and should force the government to make it explicitly illegal.

Everyone out there has heard of other peoples experiences with invasive, bullying, manipulative managers (or has had the misfortunate to deal with this themselves), and they know full well how dangerous it is to let anyone like that have access to their home network, and be able to spy on them and monitor or interfere with their stuff (whether that be work or personal), and do anything they like pretty much.

That is insane. That is as much asking for trouble at a personal/employee level, as it is for a corporation to have unsecured networks.

I mean did you miss all the discussion just a short bit ago, of people routinely being fired for snooping on shit they shouldn't have been? It's a routine occurrance - it's not just at risk of happening, it's guaranteed to happen.

Imagine if you're someone like McCabe, or e.g. Jonathan Sugarman would be a more appropriate example (worked in a bank and blew the whistle on regulatory breaches) - a whistleblower like the latter, working from home, would be fully open to reprisals from e.g. their employers accessing their personal devices on the home network (there is an abundance of black-hat tools free to purchase out there that can access pretty much any OS over the network), in order to plant incriminating data (e.g. child porn) on the persons computer, to discredit them etc..

If the type of work you're providing involves sensitive data to such an extent that you'd even contemplate the onerous and Orwellian intrusion of privacy that you're talking about - then it must not be work done from home, it has to be done from the office, or done in the cloud (and cloud-hosted work environments, are a perfectly reasonable alternative, which solves a lot of the problems - but certainly not all of them).

I think you'll find that people do have a problem with the tracking from Google/Apple etc. - and that they very much don't want their employers being able to track them to an even greater intrusive degree.

Ballso · 26-05-2020 11:11pm

snoopboggybog wrote: »

And how are these peoplelogging in? My guess through Citrix or something similar? Or even just a web browser into Azure?

Web browser is all that is required.

Ballso · 26-05-2020 11:13pm

Rodney Bathgate wrote: »

You said ‘companies don’t care’. I know plenty that do care. Pretty basic logic to figure out that your statement is NOT accurate.

Ok chief, you win the internet well done.

Rodney Bathgate · 26-05-2020 11:14pm

Ballso wrote: »

Ok chief, you win the internet well done.

Why can you not just admit that your post was not accurate? Why fight a losing battle?

Ballso · 26-05-2020 11:18pm

KyussB wrote: »

Take all of the logic about corporate networks that you just applied, and reverse it around and apply it to the employee's home network.

Would you let an employee install a spyware tool on your corporate network, able to snoop on anything they like across the whole network, and fuck around with common backdoors/exploits to gain access to other systems? (it's amazing how insecure everyday network-connected household devices are, after all...)

No. No you wouldn't. So I don't see any good reason, why an employee should ever trust a company with access to their home network, with exactly the same degree of risk and problems!

Our personal privacy and data/technical privacy is not up for sale, thanks - people should tell any corporation that wants to gain that level of surveillence over their personal lives and stuff, to fuck off - and should force the government to make it explicitly illegal.

Everyone out there has heard of other peoples experiences with invasive, bullying, manipulative managers (or has had the misfortunate to deal with this themselves), and they know full well how dangerous it is to let anyone like that have access to their home network, and be able to spy on them and monitor or interfere with their stuff (whether that be work or personal), and do anything they like pretty much.

That is insane. That is as much asking for trouble at a personal/employee level, as it is for a corporation to have unsecured networks.

I mean did you miss all the discussion just a short bit ago, of people routinely being fired for snooping on shit they shouldn't have been? It's a routine occurrance - it's not just at risk of happening, it's guaranteed to happen.

Imagine if you're someone like McCabe, or e.g. Jonathan Sugarman would be a more appropriate example (worked in a bank and blew the whistle on regulatory breaches) - a whistleblower like the latter, working from home, would be fully open to reprisals from e.g. their employers accessing their personal devices on the home network (there is an abundance of black-hat tools free to purchase out there that can access pretty much any OS over the network), in order to plant incriminating data (e.g. child porn) on the persons computer, to discredit them etc..

If the type of work you're providing involves sensitive data to such an extent that you'd even contemplate the onerous and Orwellian intrusion of privacy that you're talking about - then it must not be work done from home, it has to be done from the office, or done in the cloud (and cloud-hosted work environments, are a perfectly reasonable alternative, which solves a lot of the problems - but certainly not all of them).

I think you'll find that people do have a problem with the tracking from Google/Apple etc. - and that they very much don't want their employers being able to track them to an even greater intrusive degree.

It takes my company a week to onboard a new employee ffs (they still manage to **** up basic IT Operations), you think they are going to set up a covert operations team to develop solutions which penetrate all the employees devices connected to their home network!

Just keep a second set of airgapped devices if you are so paranoid. The good news is as we are all too be made contractors according you we can offset the cost from our tax bill.

KyussB · 26-05-2020 11:19pm

snoopboggybog wrote: »

I work in IT and seriously you don't have a clue of what you are talking about.

There are solutions available for users to work off their own personal laptops which are not intrusive on their home computer in any what way, shape or form and are fully secure and correspond to GDPR compliance. One example would be Citrix. You cannot copy any company data off what you login into to your own personal device. We can monitor Citrix from our end. The company can disable your access in a second.

Then the most common method is the company gives you a laptop which is encrypted connected to their backend systems using a VPN. Your access to systems is generally based around your AD account which can be disabled in a second.

Good for you, so do I - networking programming and security.

You give an employer the ability to intrusively monitor/scan your device, run whatever crap they like on it - then you're fucked and wide open to abuse.

VPN's and the meagre level of monitoring that Citrix provides, are not the issue - employers are looking at a whole other level of invasive intrusions on employee privacy - I actually am closer to agreeing with you than others, that protection should be at the network/VPN level, and cloud-hosted rather than user hosted where possible - not giving users access they shouldn't have in the first place.

Ballso · 26-05-2020 11:23pm

Rodney Bathgate wrote: »

Why can you not just admit that your post was not accurate? Why fight a losing battle?

Companies don't care what device you use to access their systems in my experience.

Read the sentence again, slowly. Try not lose focus before the last three words.

KyussB · 26-05-2020 11:24pm

snoopboggybog wrote: »

How does that work through Citrix? I don't really think you understand how remote access works on personal devices.

Citrix is not what's being discussed - employers want tracking software on peoples WFH equipment, and in many cases personal equipment - cloud hosted workspaces are a related issue, but not with the same level of personal invasiveness.

Rodney Bathgate · 26-05-2020 11:25pm

Ballso wrote: »

Companies don't care what device you use to access their systems in my experience.

Read the sentence again, slowly. Try not lose focus before the last three words.

Seriously? Cop on. You made a statement that was clearly inaccurate and aren’t man enough to admit it? FFS. You are like a child.

snoopboggybog · 26-05-2020 11:25pm

Ballso wrote: »

Companies don't care what device you use to access their systems in my experience.

Read the sentence again, slowly. Try not lose focus before the last three words.

:rolleyes::rolleyes:

If Work From Home becomes a thing...

Comments