undefined | Better HN

0 pointsmobiuscog6mo ago0 comments

There is an easy answer. Give employees two computers.

One is the 'business' one. Mostly locked down, with checks in place.

The other is on a different network, isolated from all business functions, and they can do what they want but must never use it for work data, just like their phones (that everyone knows they use for social media etc. in the day).

Sure, you still have to deal with copying from one to the other (but there are solutions for that if critical, and much easier to secure).

It sounds crazy, but air-gaps are largely proven and it also means that employees feel less oppressed.

Now I realise, even ignoring the cost, businesses won't want this, as perish the thought their employees may do anything other than work. But I suspect it would actually stop more attacks and issues than otherwise and maybe... just maybe.. employees feel as if they're actually human.

0 comments

cameronh906mo ago

It's not really an easy answer as (1) it doesn't stop phishing attacks hitting work emails so isn't really relevant anyway, (2) most people, executives especially, don't want to cart multiple devices around, which is why we now have to deal with the security nightmare that is supporting work stuff on BYOD phones, (3) I don't work for a SV company with the budget to buy everyone two laptops, and if we did, honestly I think most people would prefer a better single laptop than two mediocre ones. Besides, most people just treat their phone as their personal portable device now. The odd person brings their own laptop.

Developers are the exception here, where usually they'd prefer to develop on a machine with minimal BS running, even if it means carrying around an ultraportable in addition to their development workstation laptop.

dweekly6mo ago

Your "crazy" proposition is exactly the reality at many companies: the work computer is increasingly isolated from the Internet. At my last employer their game plan for employees was to move the whole web to a whitelist approach - if you want to browse the web freely, use your personal computer or personal phone.

So most of us carted around a work laptop (connected to corp WiFi) a personal laptop (on guest WiFi or tethered) a work phone and a personal phone.

In other news, you should never ever MDM enroll your personal phone with a work BYOD policy.

sigwinch6mo ago

Just call one business internal and the other one LLM inference. You don’t want AI crafting packets on business internal.

j / k navigate · click thread line to collapse