Personally I also like the one about installing software on any personal device that is used to access company systems so any company sysadmin can instantly remote wipe it at their own discretion if they decide security is at risk.
It turns out that some people didn't realise that the above story was supposed to be satirical and actually built tools that will do that. Whatever you do, don't ask those people about stats on things like legitimate vs. accidental, malicious or negligent wipes. Certainly don't ask about the proportion of employees who were subject to "bad" wipes but got no apology or compensation, just an HR or legal goon pointing to an agreement they signed but did not even slightly understand in which they explicitly consented to exactly that.
If a business has a genuine need for someone to have mobile access to its systems -- which is sometimes reasonable, though not nearly as often as a certain kind of manager pretends -- then the business should provide a completely independent device under its own control for that purpose. It's really that simple.
> the business should provide a completely independent device under its own control for that purpose. It's really that simple.
I agree. We provide laptops and phones. However, you would not believe the bitching about "Now I have to carry another phone and computer."
And, whenever we wind up with a better laptop on hand, we do a surprise "upgrade" to somebody unannounced. We take the old one and hand them a new blank one with no access to the old one to simulate a hard drive crash.
If they aren't back up and running in 4 hours, we take the new laptop back, blank it, give them their old laptop back and give the new one to somebody else.
The fact that they aren't going to get a new shiny computer unless their computer is recoverable focuses their attention quite well.
It turns out that some people didn't realise that the above story was supposed to be satirical and actually built tools that will do that. Whatever you do, don't ask those people about stats on things like legitimate vs. accidental, malicious or negligent wipes. Certainly don't ask about the proportion of employees who were subject to "bad" wipes but got no apology or compensation, just an HR or legal goon pointing to an agreement they signed but did not even slightly understand in which they explicitly consented to exactly that.
If a business has a genuine need for someone to have mobile access to its systems -- which is sometimes reasonable, though not nearly as often as a certain kind of manager pretends -- then the business should provide a completely independent device under its own control for that purpose. It's really that simple.