For Customer considering allowing users to use a personal machine:
Hi XXX,
I hope all is well. I understand you have a [some/an intern)s)/consultant(s) PICK THE RIGHT ONE AND EDIT CAREFULLY] joining [company name] soon. I'm writing to strongly advise against allowing them to use personal computers to access company resources such as [SharePoint/Google Workspace, etc (PICK THE RIGHT ONE)].
There are several important reasons for this:
- We have no visibility or control over personal devices, so we can’t enforce essential security policies like screen timeouts, device encryption, or software updates. We also can’t remotely wipe a personal device if it's lost, stolen, or if/when the intern leaves.
- There's a significant risk of data leakage, especially if files are saved locally or synced with personal cloud storage accounts.
- Personal computers may lack basic protections, such as current antivirus software or operating system updates, increasing the risk of malware or other vulnerabilities.
Many of our customers address this situation by providing virtual machines for temporary staff. For example, Microsoft offers a cloud-based PC for around $41 per month per user, which should meet the [intern)s)' /consultant(s)' PICK THE RIGHT ONE AND EDIT CAREFULLY] needs without requiring a large upfront investment in hardware.
We can manage these virtual machines just as we do physical devices, ensuring they’re secure and fully supported.
If a user leaves, we simply cancel the license for that device, or the device can be transferred to a different user.
Please let me know if you'd like to move forward with this option or if you need more information.
If someone is already accessing resources from a personal device:
It has
come to our attention that your remote [consultants/interns/etc] have been accessing [SharePoint/Google Workspace, etc (PICK THE RIGHT ONE)] on their personal computers. We want to advise you that this is a
bad idea from a security standpoint. We strongly recommend these users utilize
company-owned computers that have the same security safeguards in place as the
computers that we manage for you.
The use of personal computers
greatly increases the risk of a data breach. Here are some of the reasons why:
- We have no visibility or control over personal devices, so we can’t enforce essential security policies like screen timeouts, device encryption, or software updates. We also can’t remotely wipe a personal device if it's lost, stolen, or if/when the intern leaves.
- There's a significant risk of data leakage, especially if files are saved locally or synced with personal cloud storage accounts.
- Personal computers may lack basic protections, such as current antivirus software or operating system updates, increasing the risk of malware or other vulnerabilities.
Many of our customers address this situation by providing virtual machines for temporary staff. For example, Microsoft offers a cloud-based PC for around $41 per month per user, which should meet your [consultants'/interns'/etc] [intern)s)' /consultant(s)' PICK THE RIGHT ONE AND EDIT CAREFULLY] needs without requiring a large upfront investment in hardware.
We can manage these virtual machines just as we do physical devices, ensuring they’re secure and fully supported.
If a user leaves, we simply cancel the license for that device, or the device can be transferred to a different user.
Please let me know if you'd like to move forward with this option or if you need more information.