Actuarial Outpost
 
Go Back   Actuarial Outpost > Actuarial Discussion Forum > Careers - Employment
FlashChat Actuarial Discussion Preliminary Exams CAS/SOA Exams Cyberchat Around the World Suggestions

Browse Open Actuarial Jobs

Life  Health  Casualty  Pension  Entry Level  All Jobs  Salaries


Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 03-26-2020, 11:48 AM
tkj130130 tkj130130 is offline
CAS
 
Join Date: Apr 2017
Posts: 3
Unhappy Using Personal Laptop for Work?!

Hi guys!

I accepted a new job at a publicly traded insurance company and will be starting in a month. With COVID-19 being such a concern at the moment, they said I could start remotely.

Then HR asked me if I had a personal laptop or if I would need them to send me one.

What?! This raises so many concerns. Do they not issue company laptops? How is that a good idea from an IT security perspective. I cannot fathom how an insurance company is comfortable with any of its employees using a personal laptop, but an actuarial analyst has access to policyholder and claimant information. How does IT administer security updates, monitor phishing attempts or control inappropriate downloads? How would they ensure I am not sharing sensitive data with the internet? What if I had a bunch of viruses on my personal laptop?

Please, if there is anyone out there who does this at their job, let me know. I can think of a few scenarios where this may be passable, but I am not sure how common it is. Maybe I would just be using my personal device to remote into a virtual machine. Maybe their actuarial analysts work with curated data sets with sensitive information redacted, instead of querying it themselves. Let me know what you think!

I emailed my hiring manager to ask if we could discuss, but my recruiter very candidly told me I was overreacting and that I would be sending negative signals to the company if I bring up my concerns. She also said it will look bad that I am bypassing HR. Is she right?

For some background, I currently work at a mutual insurance company (this is my first job) that issues company laptops instead of desktops. They have strict but reasonable security protocols. As an actuarial analyst, I have access to almost all tables, PolicyCenter, and ClamCenter. I query the data I need myself.
Reply With Quote
  #2  
Old 03-26-2020, 11:53 AM
Colonel Smoothie's Avatar
Colonel Smoothie Colonel Smoothie is online now
Member
CAS
 
Join Date: Sep 2010
College: Jamba Juice University
Favorite beer: AO Amber Ale
Posts: 50,482
Default

Maybe they're a BYOD (bring your own device) company. In that case, you connect to the cloud via a vpn and can't actually download anything to your personal laptop if things are set up appropriately. I suppose you could take screenshots or camera photos of your screen, but that isn't that much less secure than having a work machine or the old school version of espionage which is to just print stuff out or write it out by hand. I've worked for companies where I could have used my personal device for work, although I keep my devices separate and don't mix them.

I don't know if that's really the case with this company. If they're asking you to actually save work files to your laptop's hard drive, that's very insecure and would raise eyebrows. Anyway just request a laptop if you have the option.
__________________
Recommended Readings for the EL Actuary || Recommended Readings for the EB Actuary

Quote:
Originally Posted by Wigmeister General View Post
Don't you even think about sending me your resume. I'll turn it into an origami boulder and return it to you.

Last edited by Colonel Smoothie; 03-26-2020 at 11:57 AM..
Reply With Quote
  #3  
Old 03-26-2020, 11:58 AM
Dr T Non-Fan Dr T Non-Fan is online now
Member
SOA AAA
 
Join Date: Sep 2001
Location: Just outside of Nowhere
Posts: 99,812
Default

1. Your recruiter has done her job. No need for further contact. She has no idea what she's talking about.
2. Your hiring manager is the one to talk to, but you should raise your concerns without sounding, um, crazy, as you do in this post.
3. My guess is that HR has no idea what the protocols are about laptops for people who actually use them for data querying. HR will not likely have access to anything too confidential, except HR puff and/or stuff.
__________________
"Facebook is a toilet." -- LWTwJO

"45 es un titere" -- Seal of The President of The United States of America protest art

“That is reminiscent of Harry Truman’s famous saying, ‘The buck stops, uh, somewhere over there, maybe?' That is a level of dodging responsibility that Trump has been perfecting ever since he was very much not in Vietnam.” -- LWTwJO
Reply With Quote
  #4  
Old 03-26-2020, 12:00 PM
Chopin-Lover Chopin-Lover is online now
Member
 
Join Date: Nov 2008
Posts: 1,003
Default

Just tell HR you need them to send you a laptop. My guess is they use a virtual desktop and you can access it from your personal laptop. You won't be able to download or upload information from your laptop to the virtual desktop.
Reply With Quote
  #5  
Old 03-26-2020, 12:01 PM
Colonel Smoothie's Avatar
Colonel Smoothie Colonel Smoothie is online now
Member
CAS
 
Join Date: Sep 2010
College: Jamba Juice University
Favorite beer: AO Amber Ale
Posts: 50,482
Default

Quote:
Originally Posted by tkj130130 View Post
How does IT administer security updates, monitor phishing attempts or control inappropriate downloads? How would they ensure I am not sharing sensitive data with the internet? What if I had a bunch of viruses on my personal laptop?
Anyway, if we want to get into a discussion about employee misconduct, no matter how secure the IT system is technically, taking away large amounts of data from your company is trivially easy even if you have locked down company machines.

This behavior is motivated by a sense of being treated unfairly or perhaps out of some sense of justice if the employee wants to blow the whistle on their employer. Technical security measures are used to deflect blame away from the CISO and are easier than actually working on the social and equity problems that lead to theft.
__________________
Recommended Readings for the EL Actuary || Recommended Readings for the EB Actuary

Quote:
Originally Posted by Wigmeister General View Post
Don't you even think about sending me your resume. I'll turn it into an origami boulder and return it to you.
Reply With Quote
  #6  
Old 03-26-2020, 12:02 PM
Meepo's Avatar
Meepo Meepo is offline
Member
SOA
 
Join Date: Mar 2014
Location: Here In My garage
Studying for Undecided
College: University of Phoenix
Posts: 246
Default

Just ask HR to send you a company laptop...
__________________
P FM MFE C LTAM PA The Rest
Meepo is love, Meepo is life.
Reply With Quote
  #7  
Old 03-26-2020, 12:02 PM
NormalDan's Avatar
NormalDan NormalDan is offline
Member
CAS
 
Join Date: Dec 2016
Location: NJ
Posts: 10,882
Default

Quote:
Originally Posted by Dr T Non-Fan View Post
1. Your recruiter has done her job. No need for further contact. She has no idea what she's talking about.
2. Your hiring manager is the one to talk to, but you should raise your concerns without sounding, um, crazy, as you do in this post.
3. My guess is that HR has no idea what the protocols are about laptops for people who actually use them for data querying. HR will not likely have access to anything too confidential, except HR puff and/or stuff.
Quote:
Originally Posted by Chopin-Lover View Post
Just tell HR you need them to send you a laptop. My guess is they use a virtual desktop and you can access it from your personal laptop. You won't be able to download or upload information from your laptop to the virtual desktop.
Reply With Quote
  #8  
Old 03-26-2020, 12:20 PM
manaknight14's Avatar
manaknight14 manaknight14 is offline
Member
CAS
 
Join Date: Nov 2012
Location: 0100010001000101
Studying for Exam 9
College: tDEC survivor
Favorite beer: Capt'n Eli's root
Posts: 1,361
Default

Quote:
Originally Posted by Chopin-Lover View Post
My guess is they use a virtual desktop and you can access it from your personal laptop. You won't be able to download or upload information from your laptop to the virtual desktop.
Sounds like this is what they do. They might use a VPN to connect to either a virtual desktop or remote into your company desktop/laptop that's onsite. Your personal computer isn't actually touching any of the company's data; the virtual/onsite machine is doing everything with your personal machine just being used as a way to tell it what to do and view what it sees.
__________________
Exams: 1/P[✔] 2/FM[✔] 3F/MFE[✔] 3L[✔] 4/C[✔] 5[✔] 6[✔] 7[✔] 8[✔] 9[]
VEE: Statistics[✔] Finance[✔] Economics[✔]
Online Courses: CA1[✔] CA2[✔]
Course on Professionalism [✔]
Reply With Quote
  #9  
Old 03-26-2020, 12:30 PM
Underpaid Underpaid is offline
Member
SOA
 
Join Date: Oct 2016
Posts: 937
Default

Quote:
Originally Posted by tkj130130 View Post
Hi guys!

I accepted a new job at a publicly traded insurance company and will be starting in a month. With COVID-19 being such a concern at the moment, they said I could start remotely.

Then HR asked me if I had a personal laptop or if I would need them to send me one.

What?! This raises so many concerns. Do they not issue company laptops? How is that a good idea from an IT security perspective. I cannot fathom how an insurance company is comfortable with any of its employees using a personal laptop, but an actuarial analyst has access to policyholder and claimant information. How does IT administer security updates, monitor phishing attempts or control inappropriate downloads? How would they ensure I am not sharing sensitive data with the internet? What if I had a bunch of viruses on my personal laptop?

Please, if there is anyone out there who does this at their job, let me know. I can think of a few scenarios where this may be passable, but I am not sure how common it is. Maybe I would just be using my personal device to remote into a virtual machine. Maybe their actuarial analysts work with curated data sets with sensitive information redacted, instead of querying it themselves. Let me know what you think!

I emailed my hiring manager to ask if we could discuss, but my recruiter very candidly told me I was overreacting and that I would be sending negative signals to the company if I bring up my concerns. She also said it will look bad that I am bypassing HR. Is she right?

For some background, I currently work at a mutual insurance company (this is my first job) that issues company laptops instead of desktops. They have strict but reasonable security protocols. As an actuarial analyst, I have access to almost all tables, PolicyCenter, and ClamCenter. I query the data I need myself.
Wow, that would be awesome. Sometimes I forget to bring my lunch.
Reply With Quote
  #10  
Old 03-26-2020, 12:37 PM
Underpaid Underpaid is offline
Member
SOA
 
Join Date: Oct 2016
Posts: 937
Default

On a serious note, ask HR if you have to relent control of your machine. I know that some companies make it so that they can wipe out/control your machine (unlikely to happen, but be aware). If that is concerning to you, let them know. But when HR tells you to do something, you aren't going to get in trouble, and the company is the one on the hook for security problems, so long as you aren't negligent or wreckless.

If you are watching certain high security risk video content on that machine, you might push back in a polite, discreet way and ask for a laptop.

Last edited by Underpaid; 03-26-2020 at 12:38 PM.. Reason: discreet
Reply With Quote
Reply

Tags
covid-19, data breach, human resources, laptop, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -4. The time now is 11:18 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
*PLEASE NOTE: Posts are not checked for accuracy, and do not
represent the views of the Actuarial Outpost or its sponsors.
Page generated in 0.28425 seconds with 9 queries