Supporting a home PC raises several liability issues. I am trying to gather information on the use of employee owned computers on the corporate network. Who supports the equipment and how do you protect the information. I feel the corporate information should stay on the corporate network only. Possibly use encrypted USB’s for transferring data.
What happens if something the help desk does crashes the personal computer?
What happens if something the help desk does voids the warranty on the employee’s personal equipment?
Who is liable if the technician finds something illegal (pornography, illegal software, music, etc) and does not report it.
How can you protect the home computer and the data on the computer or on other storage media, such as CDs, DVDs, and USB flash drives.
The computer and the devices may be stolen if a break-in occurs at the employee’s house or vehicle which could give access to passwords and login information.
In addition to the possibility of failure or theft of a home computer, it may not be compatible with office configurations. For example, the home computer may use a different operating system. This and other circumstances may complicate set up, software support, troubleshooting, or repair.
From a security perspective, the critical determinations are:
- What would happen if an intruder gained the same access as the employee?
- What would happen if an intruder were able to use the employee’s account, but gain more access than authorized for that user?
This could result in the loss of organizational resources and member information – steps to ensure that the integrity of their information systems is not compromised by telecommuting employees of the organization.
The Coporate document retention policy needs to address off-site information to prevent costly litigation and sanctions if employees destroy or lose relevant electronic documents. Federal law has widened the scope of electronic discovery to include home computers, text messages, PDAs and Internet service providers.