Oh no, not likewise. There’s zero chance you have any real world experience under your belt, that much you’ve made very clear. You’ve already let it slip that you’re just a consultant lol. A glorified salesman playing around in SMB land no doubt. At best, maybe somebody who actually dipped his toes into IT generalism two decades ago and has been out of the game since? I know the type lol.
It’s probably best if you were to stay in your lane and let the professionals worry about security.
Exactly. We use a VPN to connect to anything somewhat important, and anything truly important requires manual access and approvals. I’m in a pretty senior dev position, and if I lost my laptop:
they’d have to break my password or biometric login (disk is encrypted) - with this they get access to most of our code, but no secrets
they’d need to hack my phone to access any internal documentation or test environments due to 2FA
they’d need to hack my password manager to access anything non-documentation - code repos, prod logs, etc
they’d need to hack someone else’s machine to get access to actual prod data, which is probably what they really want
And I’m not doing anything special here (and I’m certainly not a security professional), that’s everyone’s machines due to company policy. We also don’t handle anything particularly sensitive, the most sensitive thing I have is proprietary algorithms, and we’d sue anyone if we suspected they stole our code.
Oh, and if they try to run something sus, it’ll send a report to our IT dept. I actually got contacted by our IT dept because I ran something unfamiliar (I really like my CLI tools), so they added an exception after personally verifying with me that it’s not a hack.
We have teams across the globe, both inside the org and outside, and we haven’t had any issues with security, and we do regular audits. Our security team isn’t particularly special either, I’m sure many other companies have much tighter security than we do.
I work in telecomms, major strategic projects. I dont have an office to return to, for 9 years I have had no office. My computer can be wiped remotely amd requires 2fa to connect to the vpn.
We have never had a security incident that wasnt someone’s laptop being stolen.
So how did those laptops get stolen? Would that have been possible if their users worked on a local client at the office?
Rocket science is a fucking joke compared to secure IT practices. You saying that, proves that you know neither well enough to participate in this discourse. Most users would operate more securely if their client device was also physically restricted. If you don’t understand that, that’s the reason you are not making decisions. I’m sorry to be so blunt.
There are highly capable technical people that can securely work from home, but this is not the average user. If you don’t recognize that, you are probably just cheering for your own personal comfort right now. I get comfort, but don’t be blind to reality
So how did those laptops get stolen? Would that have been possible if their users worked on a local client at the office?
Yes laptops can be stolen from offices. It would be pretty trivial to do so in fact in most cases. In an all on site office it’d be a juicy target too because now all these laptops are in the same place.
Rocket science is a fucking joke compared to secure IT practices. You saying that, proves that you know neither well enough to participate in this discourse.
It is abundantly clear that you have little to no knowledge experience in modern IT security practices. And before you ask, no, having watched Mr. Robot all the way through does not count.
There are highly capable technical people that can securely work from home, but this is not the average user.
You absolutely do not have to be highly technical to work securely from home. That’s just silly.
Yup. We have to “badge in” to our office, but the secretary will buzz you in if you ask nicely. Also, if you walk in with confidence as someone is entering/leaving, they’ll hold the door for you. Or go in around the EOD when the cleaning staff are there and they’ll let you in. All it takes is a very small amount of social engineering and you could steal a ton of stuff from my company.
But most people don’t lose stuff like laptops at home or in their office, they lose them when traveling. Maybe you drop by a coffee shop on the way to work and someone filches your bag, or maybe you take a flight for work and someone swipes it while you’re throwing something in the trash. They’re not going to break into your home or your office, they’ll snatch it while you’re out in public and not paying particularly close attention.
It really isn’t.
Confident. I like that.
Maybe you should pay attention then.
It’s the type of confidence that comes with years of experience in IT security and compliance.
Likewise :) Sad to learn you are one of those that act confidentially while being blind. I’m the guy that cleans up after you.
Oh no, not likewise. There’s zero chance you have any real world experience under your belt, that much you’ve made very clear. You’ve already let it slip that you’re just a consultant lol. A glorified salesman playing around in SMB land no doubt. At best, maybe somebody who actually dipped his toes into IT generalism two decades ago and has been out of the game since? I know the type lol.
It’s probably best if you were to stay in your lane and let the professionals worry about security.
Exactly. We use a VPN to connect to anything somewhat important, and anything truly important requires manual access and approvals. I’m in a pretty senior dev position, and if I lost my laptop:
And I’m not doing anything special here (and I’m certainly not a security professional), that’s everyone’s machines due to company policy. We also don’t handle anything particularly sensitive, the most sensitive thing I have is proprietary algorithms, and we’d sue anyone if we suspected they stole our code.
Oh, and if they try to run something sus, it’ll send a report to our IT dept. I actually got contacted by our IT dept because I ran something unfamiliar (I really like my CLI tools), so they added an exception after personally verifying with me that it’s not a hack.
We have teams across the globe, both inside the org and outside, and we haven’t had any issues with security, and we do regular audits. Our security team isn’t particularly special either, I’m sure many other companies have much tighter security than we do.
I work in telecomms, major strategic projects. I dont have an office to return to, for 9 years I have had no office. My computer can be wiped remotely amd requires 2fa to connect to the vpn.
We have never had a security incident that wasnt someone’s laptop being stolen.
Dont boot lick. This is not rocket science.
So how did those laptops get stolen? Would that have been possible if their users worked on a local client at the office?
Rocket science is a fucking joke compared to secure IT practices. You saying that, proves that you know neither well enough to participate in this discourse. Most users would operate more securely if their client device was also physically restricted. If you don’t understand that, that’s the reason you are not making decisions. I’m sorry to be so blunt.
There are highly capable technical people that can securely work from home, but this is not the average user. If you don’t recognize that, you are probably just cheering for your own personal comfort right now. I get comfort, but don’t be blind to reality
Lad just stop you are talking nonsense, everyone worked from home for 2 years and nothing happened
Yes laptops can be stolen from offices. It would be pretty trivial to do so in fact in most cases. In an all on site office it’d be a juicy target too because now all these laptops are in the same place.
It is abundantly clear that you have little to no knowledge experience in modern IT security practices. And before you ask, no, having watched Mr. Robot all the way through does not count.
You absolutely do not have to be highly technical to work securely from home. That’s just silly.
Yup. We have to “badge in” to our office, but the secretary will buzz you in if you ask nicely. Also, if you walk in with confidence as someone is entering/leaving, they’ll hold the door for you. Or go in around the EOD when the cleaning staff are there and they’ll let you in. All it takes is a very small amount of social engineering and you could steal a ton of stuff from my company.
But most people don’t lose stuff like laptops at home or in their office, they lose them when traveling. Maybe you drop by a coffee shop on the way to work and someone filches your bag, or maybe you take a flight for work and someone swipes it while you’re throwing something in the trash. They’re not going to break into your home or your office, they’ll snatch it while you’re out in public and not paying particularly close attention.
Yeah but this guy is a “consultant” he is here to fix your “situation”
🤡