Not that many years ago, a colleague from a former company asked me if I could help him back up the MP3 songs on his laptop. Sure, I said, before finding to my surprise that they were all stored on his work laptop.
This was the machine he used to send corporate e-mails and log in to company servers. He also played his personal music collection from it.
I advised that he best kept his personal stuff off his company PC. Not just because this was against company policy, which he wasn’t aware of, but also because it could open a loophole for cyber attackers if he downloaded the files from some dubious pirate websites.
That was almost 10 years ago, a different time. MP3s are old news today, replaced by Spotify. However, the line between personal and work stuff has remained foggy for many users.
Just a few years ago, the headlines were all about BYOD. Bring your own devices, employees were encouraged, as large organisations embraced the cheapness, scalability and sheer reach of the cloud.
Rightly or wrongly, millennials are often the scapegoat for many things and in the BYOD story, they are usually portrayed as the main beneficiaries.
Toting their MacBooks and smartphones, they were the ones who could not separate work from play – supposedly a good thing for corporations tapping on their energy to meet new targets.
Now, the news headlines have been replaced. Instead of stories on the benefits brought about by the consumerisation of technology, corporate IT chiefs everywhere are looking to lock down – not free up – IT resources.
Cyber security is the headline phrase that has been in circulation most, of late. So, it’s not hard to see why chief information officers (CIOs) are looking to shore up defences in new ways they probably never considered in the past.
One of this is to separate the personal from the corporate. IT departments are already overwhelmed fighting the known vulnerabilities for what they control, never mind the secret backdoors users may potentially open when they utilise corporate devices for their personal use.
Yes, users know they should not be catching up on Netflix on their office laptops. Nor should they be downloading files that have nothing to do with work. But people continue to do so.
Some organisations have gone further with separation. Already, the Singapore government has forced public servants to use separate devices to surf the Web, even for work.
And security firms are rolling out technologies that allow organisations to monitor what users are doing on their PCs at work.
Forcepoint’s SureView Insider Threat software, for example, enables companies to record suspicious activity on a user’s laptop in the form of a desktop video capture.
This means if a user moves files from a server onto his desktop, then saves it on a USB flash drive and deletes the “evidence” on his PC, the system could raise an alarm of a potential theft of data.
This sounds scary to users at first but the technology also works to exonerate someone who may have been an unwitting victim of a cyber attack. Forcepoint would have also recorded the moment when he clicked on a link that led him to a malware-infested website.
This powerful tool clearly has to be under lock and key. An administrator accessing it will be logged doing so. And it’s likely he will only check on a particular user if he is flagged by the system accessing the risks of thousands of actions performed across a network.
Still, this is a sign of the times. If you want security, you can’t have privacy, as a saying goes. Like it or not, tighter monitoring of corporate devices will be more common in future.
Sadly, the sophisticated cyber threats faced today means organisations have to assume their networks are already compromised and they have to more closely monitor what happens within their firewall, not just what’s trying to get inside.
For users, this means finally facing the reality that a corporate laptop or smartphone really isn’t your personal device.
Just like you don’t want to be caught on a CCTV camera doing personal stuff in the office, you would not want to do so when connected to your office network.
It’s time to stop adding your doctor’s appointments and dinner dates on your corporate calendar. And definitely, do not download pirated music on your company laptop.