1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: Agency asking for laptop log-in details following termination

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Agency asking for laptop log-in details following termination"

Collapse
  • LondonManc
    replied
    Personal laptop on site with mobile acting as wifi hotspot. Simple.

    Leave a comment:

  • Boney M
    replied
    Originally posted by northernladuk View Post
    Don't clients Security policies cover logging in to unauthorised remote stuff or are they so badly written it nor ally won't apply?

    I would have thought logging on to something which isnt allowed by the security policy is much worse than having some personal stuff on a works PC?
    I log on through my own CAG so no how are they going to prevent that and it doesnt touch their system at all

    Leave a comment:

  • northernladuk
    replied
    Originally posted by clearedforlanding View Post
    FTFY
    But enforcing it would mean you getting caught and walked no?

    Leave a comment:

  • clearedforlanding
    replied
    Originally posted by northernladuk View Post
    Don't clients Security policies cover logging in to unauthorised remote stuff or are they so badly enforced it nor ally won't apply?
    FTFY

    Leave a comment:

  • northernladuk
    replied
    Originally posted by Boney M View Post
    I never put any personal stuff on any corporate machines, I merely logon to my citrix server at home and do what I need that way
    Don't clients Security policies cover logging in to unauthorised remote stuff or are they so badly written it nor ally won't apply?

    I would have thought logging on to something which isnt allowed by the security policy is much worse than having some personal stuff on a works PC?
    Last edited by northernladuk; 2 March 2016, 23:22.

    Leave a comment:

  • Boney M
    replied
    I never put any personal stuff on any corporate machines, I merely logon to my citrix server at home and do what I need that way

    Leave a comment:

  • seanraaron
    replied
    Originally posted by northernladuk View Post
    Cool story bro... Got any contractor ones?
    Not yet.

    Leave a comment:

  • MrMarkyMark
    replied
    Originally posted by seanraaron View Post
    I had a new hire set an ssh key passphrase that seemed to be an entire sentence and then forget it within a minute or two, after I had gone through a laborious manual process to distribute it. He then created a new one which I suggested he record in some kind of password safe. I think he forgot that one within a day or two? After that I didn't bother distributing his key until he requested access to a machine. Needless to say his probation was extended.

    Leave a comment:

  • northernladuk
    replied
    Originally posted by seanraaron View Post
    I had a new hire set an ssh key passphrase that seemed to be an entire sentence and then forget it within a minute or two, after I had gone through a laborious manual process to distribute it. He then created a new one which I suggested he record in some kind of password safe. I think he forgot that one within a day or two? After that I didn't bother distributing his key until he requested access to a machine. Needless to say his probation was extended.
    Cool story bro... Got any contractor ones?

    Leave a comment:

  • seanraaron
    replied
    Originally posted by NotAllThere View Post
    The password might well be something unmemorable like ApxR5%j4x and held e.g. in some password container app on a phone.
    I had a new hire set an ssh key passphrase that seemed to be an entire sentence and then forget it within a minute or two, after I had gone through a laborious manual process to distribute it. He then created a new one which I suggested he record in some kind of password safe. I think he forgot that one within a day or two? After that I didn't bother distributing his key until he requested access to a machine. Needless to say his probation was extended.

    Leave a comment:

  • SueEllen
    replied
    Originally posted by clearedforlanding View Post
    FT

    I would omit the would be a breach of the client's security policy and, unless he has a copy of the client's security policy in hand and has signed it and can quote the specific clause. For all we know recovering password for access to laptops that may contain their IP may be policy.

    Less equals more in this scenario. If there is a reply from the client contesting this, then a copy of the policy that he signed can be requested and the appropriate clause highlighted by the client.
    In my last few contracts I was sent the clients' security policy before getting on site.

    Leave a comment:

  • clearedforlanding
    replied
    Originally posted by SueEllen View Post
    Fine then an email to the agent pointing out he can't give the details as it goes against standard industry security practice is in order.
    FT

    I would omit the would be a breach of the client's security policy and, unless he has a copy of the client's security policy in hand and has signed it and can quote the specific clause. For all we know recovering password for access to laptops that may contain their IP may be policy.

    Less equals more in this scenario. If there is a reply from the client contesting this, then a copy of the policy that he signed can be requested and the appropriate clause highlighted by the client. -I doubt the matter would go any further.
    Last edited by clearedforlanding; 29 February 2016, 18:29.

    Leave a comment:

  • SueEllen
    replied
    Originally posted by clearedforlanding View Post
    OP didn´t. He ran for the hills after a couple of weeks. OPSEC is OPSEC, common sense doesn´t come in to it. I would only recommend to responding to requests for AAA that comply with best industry practice and have a paper trail.
    Fine then an email to the agent pointing out he can't give the details as it would be a breach of the client's security policy and goes against standard industry security practice is in order.

    Leave a comment:

  • MrMarkyMark
    replied
    FTFY

    Originally posted by clearedforlanding View Post
    OP didn´t. He ran for the hills, like the biggest bed wetter in the world, after a couple of weeks. OPSEC is OPSEC, common sense doesn´t come in to it. I would only recommend to responding to requests for AAA that comply with best industry practice and have a paper trail.

    Leave a comment:

  • clearedforlanding
    replied
    Originally posted by SueEllen View Post
    Bit of common sense is needed here.

    If the agent is asking for it you don't give it to them. However you should have got on well enough with the client so you can phone them up and give them the password. After you have done that you just contact the agent and state you have already given it to the client pointing out it's a breach of the client's security to give it to them.
    OP didn´t. He ran for the hills after a couple of weeks. OPSEC is OPSEC, common sense doesn´t come in to it. I would only recommend to responding to requests for AAA that comply with best industry practice and have a paper trail.

    Leave a comment:

Advertisers

  1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
Working...
X