My company wants me to install ESET antivirus on my personal devices, what should I look out for?

Hi all,

Recently my company started working hard on internet security for both corporate and personal devices. That's a good thing, of course.

Because of this, they want to restrict personal devices' access to company files. Completely understandable. However, I sometimes log into a separate (corporate) Chrome profile to check email after work.

They allow this on the condition that I install ESET, which lets them see when my computer was last online.

However, I don't want them to be able to see my personal browsing history and the files on my computer. When I ask about this, I get the following answer:

In addition, we never, anywhere, read files on your computer. Besides, there is no point in us doing so; it adds no value to our goal. We want to install ESET, which is an antivirus program. With it we can see, for example, when the computer was last online, what specifications your computer has, and so on. This is not interesting and, in our opinion, does not contain sensitive data about your personal information.

I know the IT specialist well and I trust what he says. Just to check: can they read browsing history and files using only ESET?

Get a laptop for work. Do not mix private and business data. It’s messy for both you and your employers. See if they will give you a stipend towards buying a laptop to use just for work.

Edit: also, if you choose to use your private device for work, and install the software they require, assume that they are able to see everything you do and access any file on your computer. Doesn’t mean they will look. It will mean they can anytime they want though.

Never install anything from your employer on a personal device. Sandbox it if you must.

I have a Hyper-V install for some clients to access their networks, which acts like their machines. And on my phone, a virtual Android setup to access mobile services for others.

Don’t use your private device to access work files. Tell them to provide you with a work phone.

With ESET they can not only see when you're online, they can also see who is logged in (name), your IP address, hardware specifications and so on.

As u/nosimsol said, strictly separate your personal and business data.

If they want you to connect to company data and use protection (which is in their rights to do so), they should get you equipment to work with.

I’ve never used ESET, but I did a little research and found that the ESET agent connects to an ESET RMM. Meaning, yes, it can be used to monitor your activity and has the capability to access all your files. That being said, it’s not nearly as robust as an actual spying software. Chances are the IT guy is right and isn’t using it to snoop through employees’ files, but ya never know.

Looks like your company is struggling with their BYOD policy, probably because they were caught flat-footed by the remote work boom. Your employer can require a security baseline for any equipment they provide you, and they can require you to opt into a security baseline for any equipment you own that will connect to company assets.

They cannot require you to use a personal device for work. If you are employed (a W-2 employee; not a 1099 contractor), they must equip you with the workstation needed to do your work, but they can take action against you if it is stated in your agreement that you will only do work from work equipment.

TL;DR: It’s okay to politely request a company laptop with all their security controls instead of installing their security controls on your personal device.

I manage ESET where I work, they can see all of your computer specs, installed programs, patch level of your system, can isolate your computer from the network, reboot, etc… they can even set restrictions to what websites you visit. I’m going to sound like a parrot, get a second device, or better yet, bring a valid justification to IT for you to have an issued device just for your remote access.

I use ESET in my small business. The RMM allows you to run and have a lot of control over the endpoint. This of course also depends on the license and what services are enabled.

Like everyone else said, segment work and personal at some level. This not only creates security complexity but also significant privacy complexity given the crossing of barrier from work into personal devices. IT should also think about how to account for contractors/BYOD whether it be they have a work computer and agree to install or use VDI. Some endpoint tech can distinguish between corporate and personal but due to the nature of what ESET needs to do it may not support that level of distinction, unfortunately.

I would be more concerned about your IT department thinking ESET Antivirus is going to protect you against threats we’re seeing today. It’s so interesting when companies say they want to improve their cybersecurity posture but go with cheap off the shelf products from Best Buy. Wild shit man.

Correct me if I’m wrong, but if the main goal was to limit private device access to company files, couldn’t this be accomplished without installing something on OP’s laptop? Maybe they could implement DLP and NAC?

ESET is a good anti-virus, getting it for free for your personal device is nice. You should be able to learn about the product directly from their website.

Don’t do ESET! Use Cybereason, SentinelOne, Cortex, or Defender.

What version of ESET is it? Depending on what license they are using they will have more or less visibility on your device.

But ultimately, I would say don’t do it. If they won’t provide you with a VM or a work laptop, turn on Hyper-V at home and create a “work VM” to sandbox it yourself. Yeah, it doesn’t change much as far as them knowing your IP, etc. (which they know anyway if you are using M365 or other SaaS tools you log in from), but it’s a great way to keep your information separated.

In my company people who want to use email on their personal phones have to create a separate profile that can be remotely erased in case of a lost/stolen device. Using a personal device should not be allowed by default as it is a liability for the employer.