Periodically, when working with a campus employee who is having an issue with their computer, they will tell us ‘That's ok, I’ll just use my personal computer’ or, even worse, they will tell us they always work from their personal computer. Every time we hear this, we cringe a little. There are an assortment of reasons this is a bad practice, but we are going to specifically discuss two reasons it's bad for the campus and two reasons it's bad for the user.
The first reason it's bad for the campus is about access to departmental data. If a user is working from their home computer they may have work products (images, documents, etc.) that are stored locally and not on one of the campus servers. Should the employee be on vacation, medical leave, or otherwise unavailable, data on that machine will no longer be accessible for the department to continue its work. Additionally, if the data is not saved to a server, it very likely is not being backed up so if the computer is stolen, the data would be gone forever.
The second reason using home machines is bad for the campus, is about security. Campus managed machines are required to be patched regularly, have anti-malware tools, and generally only run software necessary for normal campus operations. Home computers may not be hardened and will frequently run outdated software. If someone is using their home machine, it is very probable that there will be extra software like games, shareware apps for downloading youtube videos, media players, etc.. Each of these is another vector for someone to attack the computer. As a recent example of how this can go wrong, look no further than last year’s LastPass breach. It was widely reported that the attackers were able to get into an engineer’s account, by attacking an unpatched Plex server that the engineer was using on their home machine, which they were also using to access company systems, and installing a keylogger onto it to obtain the users passwords.
So those reasons address why it is bad for the campus, but why is it bad for me, you ask. The first one is simply financial. All maintenance and repairs for your personal computer are your responsibility -- including those required to meet campus security requirements. And when your personal computer is no longer supported by the vendor, you will need to replace it regardless of whether it still works. In addition, the campus Help Desk's ability to support personal devices is limited.
The final reason we are going to discuss why it's a bad idea to use a personal computer for work, is quite simply privacy. Someone's personal computer could be searched and accessed by others in response to a public records request, data breach, lawsuit, or other legal request for university records.. Even if they have nothing to hide and there is nothing sensitive on their computer, no one wants other people searching through their stuff.
