Reply to: Return to the office

Those can be useful, but this scenario is probably the worst case for them.

Suppose I wanted to get your fingerprint: that would be very difficult, because (as far as I know) we've never met.

However, suppose that you have a husband trying to break into his wife's laptop, when she spends several hours each day unconscious in the same room with him (i.e. asleep). It's far more plausible that he could put her finger on the reader without waking her up. Obviously that will depend on the person (i.e. how soundly they sleep), and it would be a massive breach of trust, but I think it's realistic.

I think that illustrates a wider point about security: it's all about "what problem are you trying to solve?" rather than a "one size fits all" approach. Start with a risk assessment, then go from there.

Social engineering is the best way to be a crook.

yep, but where there is a risk there is normally a way of nullifying it, try hiring a security professional.

I think the point is - if there is a will there is a way.

Most laptops are available with fingerprint readers.

I am alright the Butler is trustworthy!

So the result of that is that anyone whatever you do who deals with confidential information needs to work in an office.

​​​​Or hope that your spouse/partner, relatives, friends and neighbours aren't crooks.

I mentioned neighbours as some of us in cities can overhear neighbours work conversations.

Oh and for some people recieving calls only in an office is unrealistic. I've had to give people hard stares on trains and train platforms as I don't want to hear their f***ing confidential work/client conversation.

Nothing the company can really do. If a husband wants access to his wife's work PC, he will get it while she is sleeping, and get the 2FA from the phone. How many men dont know their wifes phone pin? Maybe you dont know your wifes work login password but that can discovered with a bit determination as well

The Guardian article doesn't mention speakerphones, nor does the SEC press release:
SEC.gov | SEC Charges Husband of Energy Company Manager with Insider Trading
So, it's possible that the husband just got the gist of the conversation by listening to her half of it.

I agree with your general point about the company writing a code of conduct. In security terms, this would be an administrative (management) control rather than a technical or physical control.

This. At least now the companies will think about it.

It is not the employer who lost the 1.8million, so no real incentive to raise the bar, unless they are going to get charged or fined..

In situations like this it is the employee/contractor’s responsibility to ensure that their communication is secure.
The employer will set standards, including password complexity and the use of headsets when making calls.
The employer will also have things like NDAs which will also mention things like making sure so one else can eavesdrop on a call.
And they will also make sure that their definition of insider trading includes close friends and family.

If someone is stupid enough to make all calls on a speakerphone, it’s the equivalent of leaving their computer unlocked.
I suspect the employee realised that if she didn’t speak up, she could have faced criminal proceedings if her husband was caught.

You've said that twice, but I'm not sure what you expect the employer to do. Nobody was tapping the phone line, and encrypting the VoIP data wouldn't have made a difference, because someone was standing outside and listening through the door. Are you suggesting that the employer should have built some kind of soundproof room that she could use to work from home?

failing to secure her calls is the employers problem IMHO.

Maybe this will raise the bar!

He earwigs and thinks it's ok to go shopping. She does the right thing by reporting it and gets the sack. He deserved the divorce and the resulting charges from the SEC. Utter breach of trust.