Slashdot Mirror


Ask Slashdot: Using Company Laptop For Personal Use

An anonymous reader writes "I'm starting a new job soon, and I will be issued a work laptop. For obvious reasons I cannot name any names, but I can state that I do expect my employer to have tracking software on the laptop, and I expect to not be the administrator on the device. That being said, I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game. I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it. I can use portable apps off a usb key and browse in private mode. The machine will be encrypted, but I can also make myself my own little encrypted folder or partition perhaps. Are there any other precautions I could or should take?"

21 of 671 comments (clear)

  1. Re:Buy your own by ribit · · Score: 4, Insightful

    We don't know what the terms or the job are. If you travel a lot with work, having to haul two laptops around may be unreasonable.

  2. Re:Don't go there... by Anonymous Coward · · Score: 4, Insightful

    Agreed. It's THEIR notebook, not yours. They bought it. It belongs to them. They have loaned it to you for work purposes. Don't abuse that by messing around with it.

    If you want to do other stuff, buy your own notebook, tablet or smartphone.

  3. Are you serious? by Pollux · · Score: 5, Insightful

    If you're seriously thinking that you need to go through that much trouble to hide your "bad work habits," the problem really is you. You appear to be aware of your less-than-exceptional work habits. Reading between the lines, it almost appears as though you lost another previous job because of your self-distractions during work.

    Rather than try and hide your browsing history, why not try working for a change? They are paying you to work, after all. And on periods of downtime, bring your own laptop.

  4. Re:Wow by Alan+Shutko · · Score: 5, Insightful

    Nope. But that's life.

    In my case, I worked to get rid of the company-issued laptop in favor of citrixing into my desktop at work. That means I have to carry less, and since I'm not constantly on the road, works well for me.

  5. Slow Nerd Day? by Trip6 · · Score: 4, Insightful

    The answer is so obvious to get your own laptop that I can't believe this even made it on the boards. Slow nerd day?

    --
    I hate being bipolar; it's awesome!
  6. I am absolutely stunned by msobkow · · Score: 4, Insightful

    I know people will go to great lengths to complain about their "right" to abuse company resources for their own benefit, but this takes the cake.

    You want to WIPE the company hard drive and all the software that is provided for you to do your job, and you don't see a fundamental flaw in this reasoning?

    You, sir, are a selfish, greedy, ignorant, and probably USELESS fuck who shouldn't be hired by ANYONE.

    --
    I do not fail; I succeed at finding out what does not work.
  7. Is the employer really that draconian? by swillden · · Score: 4, Insightful

    The other posters have covered well the fact that you really shouldn't try to work around the employer's policies. Getting caught is likely, and almost certainly grounds for termination. Don't go there.

    That said, you should find out what the employer's policies actually are, rather than just assuming they're going to be insane. I've had a company-issued laptop since the mid-90s, with several different employers, and none of them have done what you describe. Moreover, I've also spent years consulting with dozens of companies about their IT security policies, including management of laptop use, and none of them have approached it the way you describe, either.

    Most employers care about (in decreasing order of importance):

    1. The security of their data. There are lots of good reasons for this, obviously. This includes things like full-disk encryption to ensure that if the laptop is lost the data it might carry is not revealed, and mal-ware prevention in order to prevent mal-ware from revealing important data.

    2. The security of their network. Since you'll bring the laptop into the office and connect it to the network, employers don't want the laptop to be a vector for malware or targeted attacks.

    3. Preventing HR problems. Stuff like porn on screens in the office can create sexual harassment lawsuits. This is the primary reason for anti-porn rules.

    4. Productivity. Misuse of company equipment on company time means (arguably) that productive work that should be done isn't. This is another reason for anti-porn and anti-surfing rules.

    Different companies take different approaches to managing these risks. A common, if very authoritarian, approach to limiting malware, for example, is to allow only software which is specifically approved by IT to be installed on the machine. Keylogging doesn't really accomplish any of the above, however, and I've never seen any company who does it, with the exception of one company that installs a browser plugin which watches for users typing their corporate password into non-company web sites.

    If you're using the laptop at home, on your own time, I don't think most employers will care if you surf a little, check your personal e-mail, watch Netflix, etc. They may or may not care if you surf porn. I think most would rather not know. Outside of that, if it doesn't require changing the security configuration of the laptop, doesn't require installing software and doesn't interfere with productive work, I doubt they're going to care.

    Check out the policy carefully, ask questions to make sure you understand it, and then comply with it. But I would be surprised if the policy truly is as draconian as you say.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  8. Re:No by Collapsing+Empire · · Score: 5, Insightful

    Once you lose physical control of a machine, you really can't say much about the security of it. You don't know where that laptop has been or who else might have tampered with it while it has been traveling the globe. The best you can really do is the standard antivirus scans. But that doesn't stop a 0-day or a custom written trojan.

    You really ought to be treating all portable devices as potentially hostile devices and securing (and monitoring) your networks accordingly.

    IMO if the user is competent enough to install Linux or their own custom Windows image on there, I don't think you are any worse off than it was previously. Seeing how out of date some IT departments are with patching and service packs, the machine may end up being more secure.

  9. Re:No, there's no need by Anrego · · Score: 5, Insightful

    I would take any of that as a sign that your employer is serious about controlling their equiptment and trying to subvert their control is a sure way to find your stuff in a box at reception when you get back from your trip.

    In other words, a sign to buy your own laptop ;p

  10. Re:Don't go there... by icebike · · Score: 5, Insightful

    If they give you a company car to take home, chances are they allow grocery shopping.

    But if you have to jump on Slashdot and ask about GPS jammers and how to disconnect your built in Nav in a company car so that the company can't know that you routinely stop by the strip club on the way from/to customer meetings, you already have stepped over the line.

    --
    Sig Battery depleted. Reverting to safe mode.
  11. Re:Simplest is goodest. by The+Good+Reverend · · Score: 4, Insightful

    Perhaps you're injecting your own life into your posts here?

    I love the internet. I love web surfing. I love communicating with friends and family that aren't close to me. But I also like to read, to go drink beer with friends, and to spend too many hours in my garden. The two are not mutually exclusive.

    To say that he has an addiction because he's asking about technology tells much more about you than it does about him.

  12. Re:No by maxwell+demon · · Score: 5, Insightful

    Another solution is to simply ask the employer, if some personal use of the laptop is OK, and if so, to what extent. Maybe you'll get the answer that your intended usage is fine, and then you'll not have to worry at all about how to hide it.

    Indeed, if I were the employer, if someone asked I'd probably be fine with it, but if someone were playing tricks to hide and I'd find out, I'd seriously consider firing him.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  13. Re:No, there's no need by centuren · · Score: 5, Insightful

    I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it.

    Is your new job worth it? Not saying you'll automatically lose your job over that, but I can't imagine it'll go over well. Especially as you'd be using your (non-work prepared) laptop for doing work and might inadvertantly put them at risk (the kind of risk they hope to eliminate by issuing you the laptop in the first place).

    The simple solution is get yourself a USB / livecd type distro. Don't touch the hard drive.. and if it's encrypted, you shouldn't be putting your company at risk (assuming you don't use the same key for anything else). Personally I'd ask your IT guys if they are ok with this before doing it. Sometimes they can actually be reasonable about this kind of stuff.

    The real solution here is to leave your work laptop alone completely and get your own laptop for personal use.

    The parent correctly points out that you can use a live distro and avoid having to touch the company's hard drive.

    Maybe, maybe not. There may be key-loggers installed which still grab your keystrokes.
    Further, you can set up machines to prevent booting from anything other than the hard drive, then lock the bios.

    Just to be clear, OP is saying he is "not the type of person who can't look at pornography" right? In this work-related scenario, if that's the case, get your own laptop, tablet, or smart phone.

    If that's not the case and he is worried any personal use will get you in trouble, that's probably something he should clarify. I know plenty of unreasonable work places are around, but it is unreasonable to expect no personal use from a company laptop in constant possession of an employee (especially outside of work hours).

    If neither is the primary case and you are expecting the laptop to be so locked out that you can't run anything but an office suite and the company-modded IE-engine software, then, as was pointed out, run a separate OS off a thumb drive. If the hardware is completely locked-down, back to the tablet/smartphone concept. Look up the policy, talk to the IT guys, but, essentially, DON'T do something that can mess up IT's carefully locked down security, and DON'T do things that are illegal or NSFW.

    If the issue isn't "I want to look at pornography on my work laptop", why would the company care if he reads an ebook or watches a movie, if it's done responsibly (and somewhat out in the open, so all that's monitored is a lot of "unknown activity")? It kind of sounds like it's a porn thing, though. Maybe it's the inferred metaphorical air quotes.

  14. Re:Buy your own by pla · · Score: 4, Insightful

    Buy your own laptop to fuck around with you cheap bastard. The laptop is the property of your employer and if you don't agree to the terms they set then don't work for them.

    This is an entirely fair point of view.

    To which I would respond, if my employer presented it as an argument, by leaving said laptop at the office 24/7/365. I might take it to (on-site) meetings so I could actually get some work done in the back of the room while the 3rd assistant VP of Buzzword Optimization drones on with a variety of incorrectly-used physics metaphors.

    Companies provide people with laptops in the hope that those people will do "free" extra work for the company. In some cases, the use of a laptop for whatever-the-hell-I-want while stuck in a hotel room for four days between conference sessions makes up for that extra work they might occasionally get out of me. If I can't use it for anything but work, I view it as nothing but an albatross to lug around, feed, and check through security. And if it actively tracks me while on my own time - thankyouverymuchbutfuckrightoffnow, 'kay?

  15. Re:Simplest is goodest. by John+Bresnahan · · Score: 5, Insightful

    This is one of the reasons the iPad is so popular. It makes a good personal web-surfing device when traveling on business with the company laptop.

  16. Re:No by Bill_the_Engineer · · Score: 5, Insightful

    I'd hope that the people I issue laptops to are responsible and trustworthy. Personally I don't care if they use the laptop for personal web browsing or e-book, as long as they do it on their own personal time. Most appropriate use agreements say the same thing. I do draw the line at installing programs on the laptop.

    However I always strongly suggest people to have their own laptops/computers for personal use. Information stored in the form of cookies, browser history, etc. can be embarrassing or worse. There was a local county worker who was dismissed for inappropriate material being found on his work laptop while it was being serviced by the IT contractor. No one thinks about the laptop failing and having your personal data locked up for the IT repair guy to find. I find it amusing that they warn of key logging (which isn't as wide spread) but aren't as cautious about being caught in a compromising position.

    Another (and more appropriate reason for the people I work with) reason being that the company I work for (and most others) consider the use of company equipment for personal financial gain as an offense worthy of dismissal and any goods produced on company equipment as their property. Lawyers are more expensive than a laptop - a.k.a an ounce of prevention is better than a pound of cure.

    You really ought to be treating all portable devices as potentially hostile devices and securing (and monitoring) your networks accordingly.

    Placing company laptops in a DMZ doesn't always make for a productive work environment nor is your monitoring idea that effective. A compromised laptop can still "behave" in a company private LAN and once connected to a public hotspot send its payload to whomever. There is a reason we like locking down company equipment. Locking down company equipment also has a "cover your ass" attribute that network monitoring alone can't offer. Also depending on the industry there are regulations that may dictate such measures to be taken.

    IMO if the user is competent enough to install Linux or their own custom Windows image on there, I don't think you are any worse off than it was previously. Seeing how out of date some IT departments are with patching and service packs, the machine may end up being more secure.

    The employee should stick to his/her paid job assignment and let IT do the job for which they are paid. I have company equipment that have two or more operating systems on them, but they were all approved by IT first and my job directly depends on it. I believe altering the contents of a company laptop in such a drastic manner without the consent of IT may be a severe violation of the use agreement.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  17. Is your paranoia justified? by HapSlappy_2222 · · Score: 4, Insightful

    In my experience, having a company laptop issued to you is much like having a company car issued to you. Take care of it, don't do anything you're not supposed to with it, and remember it's issued to you to make your job easier, so make sure it does. I can't think of a single thing that you should be doing on a company laptop that you'd need to encrypt or hide from your employer (remember, THEY own the hardware), so a lot of your question is moot.

    Stuff like reading an e-book, browsing the web, or customizing it to your specification is probably fine, assuming it doesn't interfere with your actual work. Well, unless your company has specifically told you NOT to do these things, in which case you really should bring a second, personal, laptop (or kindle, or ipad, as others have said) with you. Doing anything you'd be embarrassed to have your boss find out about is simply not a good idea, though. Think of it like it's your work desktop, only portable, and adjust your usage accordingly.

    I don't see why this question needs a more complicated answer than this. If you still have questions, ask your boss. None of us on Slashdot are policymakers for your company, and asking us to decide for them is silly.

  18. Re:No by unixisc · · Score: 4, Insightful

    I fully agree w/ this. In all my jobs, I made it a point to not do any personal stuff on work laptops (and once they disabled webmail sites like gmail, the only potentially urgent personal thing to do was out the window). On my home laptop, I did whatever non-work related stuff I wanted. Never faced any issues - particularly given how it's well known that there is no guarantee of privacy as far as one's work laptop is involved.

  19. Re:No by PNutts · · Score: 4, Insightful

    Holy jebus. You should be embarrased to post that in what used to be technical forum. A laptop in possession of a trustworthy employee governed by policy is not losing physical control. It's not your resource to do what you please and you don't manage it. You also didn't build and tweak it so don't assume the things that work on yours will work at it. The company will have policies on what's appropriate ranging from "no personal use" to "occasional use" to "go forth and surf". The OP didn't mention what the policies and so this entire thread will be a flame war. The rest of what you say is so obvious as to be insulting. Except the last paragraph which is dangerously naive. Any decent IT shop will evaulate the risks before rolling out a patch just because it's Tuesday. It might not be necessary at all.

    Just because the OP has no self-control to 'not browse the internet' that doesn't mean his company has to assume the cost and risk of him doing so.

  20. Re:No by Tom · · Score: 5, Insightful

    All the information needed to access corporate services is in my possession anyway, so you're none the wiser. If you block Internet access at work, I will happily tether to my iPhone or bring my iPad.

    Let me get this straight: You would connect to the corporate network using a private, unapproved machine? And you would then connect that machine directly to the Internet?

    In several environments in which I've worked, as the IT Security/Compliance Officer I would recommend you for immediate termination.

    Just because you think that you are entitled to your own rules doesn't make it so. If you don't like my rules, you are welcome to come into my office and discuss them with me. You better have good reasons, because I do.
    You are not free to just break the rules and open up the corporate network to the world at large, bypassing all the security layers that are there for a reason.

    --
    Assorted stuff I do sometimes: Lemuria.org
  21. Re:No by Tom · · Score: 4, Insightful

    You can lock down a notebook well enough that it requires malicious intent and considerable technical skill to tamper with it.

    The fact that there is no 100% security doesn't mean that there isn't 99% security.

    IMO if the user is competent enough to install Linux or their own custom Windows image on there, I don't think you are any worse off than it was previously. Seeing how out of date some IT departments are with patching and service packs, the machine may end up being more secure.

    Maybe. But that "more" of security could be in the wrong place, while the security that actually matters for the threat scenarios that the risk assessment has defined has been reduced.

    --
    Assorted stuff I do sometimes: Lemuria.org