The problem is that it’s at the office in the first place.
It creates a massive hole in IT security and allows attack vectors to get into government networks and files.
It’s like driving your brand new car into a busy part of town, leaving the keys in the ignition, leaving the door open, and stepping away for hours. And then doing it again the next day, and the day after that, even after each car has been stolen.
In this case its the US government so it ends up being a lot of people’s problem, but in the context of the employer and employee, its all on the employer.
If they screw up the work phone with their requirements, its theirs. If that compromises their IT security, that is also theirs.
None of that makes a lick of difference to the employee unless they use their own device or carry their work phone around outside of working hours.
The reflecting pool was the administration’s fuckup, and they aren’t the ones taking the blame for it. Same here, they will scapegoat others. Our great leaders can never be wrong.
I guess I dont see how assignment of blame plays into the equation here. If I have a work phone with only work-sanctioned apps on it, and one of them has bad security and gets compromised, that’s very much the employer’s problem because it is happening to their system via their device over an attack vector they told you that you could or must put there.
They can choose to blame you and discipline or fire you, but that still doesn’t make the app’s security flaws affect your personal security, because those flaws didn’t let the attacker into anything of yours or see any data you own. Blaming me for that may happen, but that’s just bad management and an entirely separate issue.
Airgapping your work and personal lives makes a lot of sense for this and other reasons, and it makes even more sense if your employer is trash.
Leave it at the office then.
The problem is that it’s at the office in the first place.
It creates a massive hole in IT security and allows attack vectors to get into government networks and files.
It’s like driving your brand new car into a busy part of town, leaving the keys in the ignition, leaving the door open, and stepping away for hours. And then doing it again the next day, and the day after that, even after each car has been stolen.
Those are all problems for the employer.
In this case its the US government so it ends up being a lot of people’s problem, but in the context of the employer and employee, its all on the employer.
If they screw up the work phone with their requirements, its theirs. If that compromises their IT security, that is also theirs.
None of that makes a lick of difference to the employee unless they use their own device or carry their work phone around outside of working hours.
The reflecting pool was the administration’s fuckup, and they aren’t the ones taking the blame for it. Same here, they will scapegoat others. Our great leaders can never be wrong.
I guess I dont see how assignment of blame plays into the equation here. If I have a work phone with only work-sanctioned apps on it, and one of them has bad security and gets compromised, that’s very much the employer’s problem because it is happening to their system via their device over an attack vector they told you that you could or must put there.
They can choose to blame you and discipline or fire you, but that still doesn’t make the app’s security flaws affect your personal security, because those flaws didn’t let the attacker into anything of yours or see any data you own. Blaming me for that may happen, but that’s just bad management and an entirely separate issue.
Airgapping your work and personal lives makes a lot of sense for this and other reasons, and it makes even more sense if your employer is trash.
It’s like that except it’s a company car and they’re making you do it.