A Question for IT folks

[NEhomer]

I work in a school system. We recently got an e-mail from our IT department announcing that all personal devices used to check school Google based Gmail MUST be password protected. If not protected by a certain date, we would no longer be able to access our mail.

This got me wondering how they know whether my device is protected. We then got a warning from our faculty association to never use any personal device to access work Gmail as the IT folks will have access to your personal data.

My question is, just what can my IT department see regarding my account if I leave my phone logged in to Gmail? I'm not a perv and I have nothing concerning really but on principle, I'd rather not expose myself to any hacking or investigating.

 

[NU_FTW]

I work in a school system. We recently got an e-mail from our IT department announcing that all personal devices used to check school Google based Gmail MUST be password protected. If not protected by a certain date, we would no longer be able to access our mail.

This got me wondering how they know whether my device is protected. We then got a warning from our faculty association to never use any personal device to access work Gmail as the IT folks will have access to your personal data.

My question is, just what can my IT department see regarding my account if I leave my phone logged in to Gmail? I'm not a perv and I have nothing concerning really but on principle, I'd rather not expose myself to any hacking or investigating.

Use a VPN service and you wont ever have to worry about a lowly "IT Dude" being able to see anything, doesnt matter how many packets they capture they wont be able to see squat (it gets encrypted between your device and the proxy server


Note: i do say lowly IT Dude, with anything in life if someone wants it bad enough they will find a way to break the encryption but it wont be easy

 

[WizardHawk]

Use a VPN service and you wont ever have to worry about a lowly "IT Dude" being able to see anything, doesnt matter how many packets they capture they wont be able to see squat (it gets encrypted between your device and the proxy server


Note: i do say lowly IT Dude, with anything in life if someone wants it bad enough they will find a way to break the encryption but it wont be easy

Yes and no.

I work in a large hospital system and I can tell you most hosted VPN traffic is blocked on employee wifi networks. And it has nothing to do with monitoring employees. It's more about bandwidth protection.

The school system would have to require staff to install an app that gave them the ability to enforce a password system and verify antivirus protection. Otherwise they don't have the ability to know what your phone settings are.

If they do require an app you still have the ability to know exactly what they have access to and im not aware of any that give them access to your texts, pictures, personal files, etc. At least not without explicitly telling you so. There are no backdoor access type things.

They are trying to protect their infrastructure while still giving staff better access. It's a fine line that can never make everyone happy.

 

[NU_FTW]

Yes and no.

I work in a large hospital system and I can tell you most hosted VPN traffic is blocked on employee wifi networks. And it has nothing to do with monitoring employees. It's more about bandwidth protection.

The school system would have to require staff to install an app that gave them the ability to enforce a password system and verify antivirus protection. Otherwise they don't have the ability to know what your phone settings are.

If they do require an app you still have the ability to know exactly what they have access to and im not aware of any that give them access to your texts, pictures, personal files, etc. At least not without explicitly telling you so. There are no backdoor access type things.

They are trying to protect their infrastructure while still giving staff better access. It's a fine line that can never make everyone happy.

LOL i was more or less just talking about the traffic not phone settings, that requires user acknowledgement which is like you said possible

The hospital makes sense as it being Work wifi you dont want employees dicking around where they shouldnt be and if you use a VPN you can bypass all the filters in place or blacklisting/whitelisting put in place

 

[NEhomer]

Thanks so much you guys. I'll talk to a colleague who's more up on this stuff than me and ask him about a VPN service.

Yes and no.

I work in a large hospital system and I can tell you most hosted VPN traffic is blocked on employee wifi networks. And it has nothing to do with monitoring employees. It's more about bandwidth protection.

The school system would have to require staff to install an app that gave them the ability to enforce a password system and verify antivirus protection. Otherwise they don't have the ability to know what your phone settings are.

If they do require an app you still have the ability to know exactly what they have access to and im not aware of any that give them access to your texts, pictures, personal files, etc. At least not without explicitly telling you so. There are no backdoor access type things.

They are trying to protect their infrastructure while still giving staff better access. It's a fine line that can never make everyone happy.

The school system would have to require staff to install an app that gave them the ability to enforce a password system and verify antivirus protection. Otherwise they don't have the ability to know what your phone settings are.

So you seem to be saying that they're bullshitting us that they can tell if our device is password, correct?

I work in a large hospital system and I can tell you most hosted VPN traffic is blocked on employee wifi networks. And it has nothing to do with monitoring employees. It's more about bandwidth protection.

My phone is on my AT&T network and I have WiFi turned off. What does that do for my ability to use a VPN?

I like to check my e-mail regularly as I'm always in contact with parents but I'm leery about surrendering info. Again, I have no specific concerns and I like our IT guys who do a good job. It was the advice given to our union that alarmed me.

Is the short answer that they really can't access info? It was explained to me that the risk of an unprotected phone is that it could be stolen and by that means provide hackers with a door into our systems.

 

[WizardHawk]

Thanks so much you guys. I'll talk to a colleague who's more up on this stuff than me and ask him about a VPN service.



The school system would have to require staff to install an app that gave them the ability to enforce a password system and verify antivirus protection. Otherwise they don't have the ability to know what your phone settings are.

So you seem to be saying that they're bullshitting us that they can tell if our device is password, correct?

I work in a large hospital system and I can tell you most hosted VPN traffic is blocked on employee wifi networks. And it has nothing to do with monitoring employees. It's more about bandwidth protection.

My phone is on my AT&T network and I have WiFi turned off. What does that do for my ability to use a VPN?

I like to check my e-mail regularly as I'm always in contact with parents but I'm leery about surrendering info. Again, I have no specific concerns and I like our IT guys who do a good job. It was the advice given to our union that alarmed me.

Is the short answer that they really can't access info? It was explained to me that the risk of an unprotected phone is that it could be stolen and by that means provide hackers with a door into our systems.

If you are on your own cellphone data and a company wifi there is zero chance they can track anything.

A VPN helps provide some security, but password protecting your phone is more important.

So yes, you should have it password protected (or pattern, facial recognition, fingerprint) but no there is no way they can tell if you have done so. 100% in the clear.

 

[Roy Munson]

I work in a school system. We recently got an e-mail from our IT department announcing that all personal devices used to check school Google based Gmail MUST be password protected. If not protected by a certain date, we would no longer be able to access our mail.

This got me wondering how they know whether my device is protected. We then got a warning from our faculty association to never use any personal device to access work Gmail as the IT folks will have access to your personal data.

My question is, just what can my IT department see regarding my account if I leave my phone logged in to Gmail? I'm not a perv and I have nothing concerning really but on principle, I'd rather not expose myself to any hacking or investigating.

That second email was written by an idiot.

The only data the IT department will have access to is the data in your work gmail account.

now, if you end up using that account to sync other information like notes/calendar/whatever, that would be in that account. But really, on my phone I have my personal account that syncs everything and my work account that syncs its own email and calendar. no data on my phone is available to any IT Admin besides what's in the account owned by my employer.

Oh, and they have no way of knowing if your device is protected by a password if you're doing IMAP sync with gmail.

 

[Mebert]

That second email was written by an idiot.

The only data the IT department will have access to is the data in your work gmail account.

now, if you end up using that account to sync other information like notes/calendar/whatever, that would be in that account. But really, on my phone I have my personal account that syncs everything and my work account that syncs its own email and calendar. no data on my phone is available to any IT Admin besides what's in the account owned by my employer.

Oh, and they have no way of knowing if your device is protected by a password if you're doing IMAP sync with gmail.

If the school has them installing something like mobile spy they could see all that. VPN would not help in that case either as it would not be the Packers it monitors.

 

[Roy Munson]

If the school has them installing something like mobile spy they could see all that. VPN would not help in that case either as it would not be the Packers it monitors.

but the device has to be controlled by their IT for that. If its a personal device, that wouldn't be the case.

 

[Tenn"cock]

As long as you stay off the company wifi and are not connected to their system in any way then the best they can do is guess by your behavior or they may start asking to check employees phones physically which would be a little heavy handed but I have seen hospitals do some strong arm stuff like this before. I worked in a large hospital system for almost 10 years in IT and sometimes we had to implement things we did not necessarily like.

Their biggest fear is that they will not be in compliance with HIPAA and be open to fines and litigation so never underestimate their determination to control what gets out and what does not.