917

Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.

TL;DR: Keep browsing to your local instance at work for now.

you are viewing a single comment's thread
view the rest of the comments
[-] LostDeer@infosec.pub 458 points 1 year ago

Don’t use company computers for personal stuff, it all gets logged and can be used against you at the very least as evidence that you weren’t working come performance reviews.

[-] givesomefucks@lemmy.world 220 points 1 year ago

It's fucking insane people don't know this in 2023.

Work computers are for work, and pretty much every employer monitors what you do on it.

[-] lagomorphlecture@lemm.ee 55 points 1 year ago

I occasionally click on the little wether icon and see what the forecast looks like. Hope I don't get fired!

At my old job we had to research customers which frequently involved looking on Facebook and other sites. I was very intentionally not logged in, which probably wouldn't work now, and kept any and all searches to items that I could prove were related to a work item. It's insane that people don't follow that advice.

[-] penguin@sh.itjust.works 34 points 1 year ago

Things like weather will be fine unless you have an unreasonable boss/job.

But people should only use work computers the way they would if they knew the entire company was watching a live stream of their desktop.

Even for working from home, I put my work laptop on the isolated guest wifi because I don't trust them the same way they don't trust me.

[-] IsoKiero@sopuli.xyz 17 points 1 year ago

Work computers are for work, and pretty much every employer monitors what you do on it.

Depends heavily on where you work. My employer don't track what we use the computers for (of course there's a 'TOS' of sorts which says that it's company property and should only be used for company stuff) but as long as you are at least somewhat reasonable on what you use the system for it's fair play. Things like checking your personal email and occasional visit to lemmy/whatever your social media poison is doesn't raise any flags as long as you get the job done and that's it. Of course you can't install anything on the system but as long as a browser session on incognito mode is enough and it doesn't harm your duties, while technically forbidden, no one really cares.

And yes, I know this for sure, as I'm one of the guys who enforces the policies for our gear. YMMV.

[-] _danny@lemmy.ml 3 points 1 year ago

Good advice always has its exceptions. But in general you should never use a work device for personal use because it's very easy for that information to be either compromised and/or used against you.

My personal guidance is "if you don't own the device, pretend the owner is looking over your shoulder" it's incredibly easy for them to install keyloggers and trackers remotely and silently.

[-] IsoKiero@sopuli.xyz 2 points 1 year ago

it’s incredibly easy for them to install keyloggers and trackers remotely and silently.

And in here that's very much illegal thing to do without prior consent from the employee and even with permission it's requlated on what you can do with the data. Of course companies are permitted to restrict traffic and otherwise limit what users can do on the devices they're given to, but it's still illegal to spy individual users and what they do. Strong(ish) worker rights are a very nice thing to have around.

[-] klyde@lemmy.world -4 points 1 year ago

Then your job probably isn't that serious then like others where they get monitored.

[-] Oisteink@feddit.nl 0 points 1 year ago* (last edited 1 year ago)

Intelligent reasoning! Remarkable!
Here’s another take: it’s all down to the laws you let your law-makers write. If I quit my my boss is not allowed to read through or keep my account active - in their system.

[-] Ajen@sh.itjust.works 40 points 1 year ago

And the same goes for company wifi if you have to log in with your own username.

[-] wizardbeard@lemmy.dbzer0.com 21 points 1 year ago

Even if you don't, there's plenty of different ways to identify a user on company wifi.

For example, have your cellphone named "Stephano's iPhone"? Narrows it down to the Stephanos working in range of that access point.

[-] Bongles@lemm.ee 4 points 1 year ago

I usually used a VPN if I was on the WiFi. Made me feel better even if I'm just browsing memes

[-] Ajen@sh.itjust.works 3 points 1 year ago

Connecting to an "unauthorized" VPN is against IT policy for some companies, especially if your job involves handling sensitive data.

[-] smeg@feddit.uk 0 points 1 year ago

Always use a VPN when on a network you can't trust. There are plenty of free and trustworthy ones you can activate with one click, and then all the company sees is noise.

[-] Ajen@sh.itjust.works 10 points 1 year ago

I trust my company's wifi network a lot more than a free VPN app.

[-] smeg@feddit.uk 6 points 1 year ago

I use the free tier of Proton VPN, it's been well audited and proven safe!

[-] outdated_belated@lemmy.sdf.org 3 points 1 year ago

Different threat models. There’s the threat of being punished or fired by workplace surveillance;

Separately, there’s also the threat of some unknown third-party snooping on your data for whatever other reason (identify fraud, etc).

The post discusses the first and I’d argue that’s more compelling for most people, but the second is also valid.

[-] XpeeN@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago)

RiseupVPN, calynx and protonvpn are pretty great and trustworthy. 2 first ones are non profit based on donations only. And proton VPN is well audited (but require account while the first two doesn't)

Cloudflare’s free VPN is trustworthy and very fast. You don’t get to pick server location though so it is only useful for cases like this.

[-] visak@lemmy.world 4 points 1 year ago

If the company owns the endpoint there's lots they can do to monitor your traffic even with a VPN. For phones if you sign in to work mail with your phone and allow them to manage your device just assume they have control of it now.

[-] smeg@feddit.uk 6 points 1 year ago

Never putting any of their software on your personal device is a good rule in general

[-] Saik0Shinigami@lemmy.saik0.com 1 points 1 year ago

Work computers are by definition not personal devices.

[-] Ajen@sh.itjust.works 0 points 1 year ago

And refusing to install your company's software on your work computer is a good way to get fired for cause.

But some people have the option to access work email, etc on their personal devices, as long as they install their company's monitoring/security software.

[-] uberrice@feddit.de 14 points 1 year ago

Depends on your work. I agree with you, but for example my work is different.

Yes, we have managed devices as well, but my department specifically went for unmanaged devices. Just plain old laptops. Install whatever OS you want, do whatever you want. I only have the base windows install on there for some compatibility reasons, I mostly just use PopOS.

And we're also explicitly allowed to browse private content - as long as the work gets done and we stay in budget, do whatever.

[-] theDoctor@lemmy.sdf.org 21 points 1 year ago

If you are on their network they can see what you are doing. At the end of the day, the business will protect itself.

Do what you want at your own risk. But never assume that any company is on your side.

[-] monobot@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

This is so simple, whatever policy they have if something goes wrong they will try their best to find a scape goat.

Why do you people have phones with gigabytes of daya for?

Additionally, do your best not to be part of the company where you might get into trouble for just using internet.

[-] uberrice@feddit.de 1 points 1 year ago

Of course they can. That's why I usually use my phone as a hot spot when I'm browsing private stuff ;)

[-] ludwig@lemmy.world 2 points 1 year ago

Do the other departments use managed devices? IT might get pretty mad if your department went over them and bought computers themselves, lol.

It's not optimal from a security and legal point of view.

[-] uberrice@feddit.de 4 points 1 year ago

IT specifically has an option for unmanaged devices, exactly for developers like me :)

[-] ludwig@lemmy.world 2 points 1 year ago

Alright. Seems reasonable as long as the devices are sandboxed from the company network and resources.

[-] uberrice@feddit.de 2 points 1 year ago

They aren't, and our private phones are also connected to the network ;)

But then again, it's a fairly large organization vpn'd up over multiple locations, with server farms in different VLANs and so on, so the network we usually access when working are in a different subnet.

I do know what you mean though - it really depends on what the company does. Prior, I worked at a company that developed and manufactured hardware cryptography devices - I learned proper security procedures there :) our 'actual work computers' weren't even connected to the Internet, and the unmanaged laptops accessed the same WiFi guests would access that, well, only went to the Internet. Just wpa2.

[-] ludwig@lemmy.world 1 points 1 year ago

They aren't, and our private phones are also connected to the network ;)

Why though‽ Most consumer routers even have a guest network enabled by default.

it really depends on what the company does.

That's true, but an attack could probably cause a lot of damage to any company (especially a big one) without proper security. Regardless of what they do.

Well at least you don't have to deal with ITs PC policies, which can get pretty annoying. Allowing any device to join the company network seems incredibly stupid though.

Let's just hope that none of your unmanaged machines get compromised.

At my previous company, only domain work computers could join the PC WiFi (with a certificate, so no passwords) and work smartphones could only join the work WiFi for mobiles.

Private devices and very limited amount of non domain computers were only allowed on the guest network and couldn't connect to any other.

The company didn't do anything special that needed extra security.

[-] inspxtr@lemmy.world 6 points 1 year ago

agreed with the point. However, lemmy might soon be the new reddit for information, asking questions, troubleshooting.

So I guess a solution for accessing lemmy for such resources on company computer without being flagged would be good, especially this gets a bit more complicated with the decentralized nature of the fediverse (multiple domains of lemmy)

this post was submitted on 02 Aug 2023
917 points (94.6% liked)

You Should Know

33420 readers
184 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago
MODERATORS