I’m non-techy. I work for a public school district and visit with kids in about a dozen schools. I like having my work email on my phone so teachers can get in touch if they need me. For years we’ve just used the outlook app with no real issues that I’ve noticed. We’re seeing more and more micromanagement and it sucks. We recently got notice that we have to install Cisco Duo on our phones if we want to have our email on it. Should i do that? Or just say no and be ok with being out of contact?

  • DigitalDilemma@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    ·
    2 months ago

    Don’t.

    Two reasons:

    Many employers require you to install phone-management software as part of the data loss mitigation/data exfiltration requirements - and those requirements might be set by their insurers.

    This gives them the ability to remotely lock or wipe your phone at any time - useful to them because they remove company data if you lose your phone, or you leave the company, or are suspended for any reason. Obviously that’ll also lose any personal data on the phone, but that’s your problem, not theirs. They can also monitor its location and similar things.

    That’s obviously a reason why you should never, ever, use a work-issued device for personal use - besides it being against their acceptable use policy. If your employer requires you to check email then they are required to issue you the means to do so. They cannot insist that you use any personal devices for that.

    It’s bad for your mental health.

    Keep work to work hours. Keep work devices for work. Keep personal hours and devices for your personal use.

    This physical separation requires a little discipline but, having been on all sides of this barrier (employer, employee, suffering with poor mental health, and currently, in good mental health) - I know this to be the only way to achieve a health balance.

    • ResoluteCatnap@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      2 months ago

      I’m forgetting the episode but darknet diaries podcast had one where a guy took revenge against a former employer and wiped out an entire schools email system and wiped all phones that has logged into the school email. This was done from compromising the school’s outlook admin account.

      That was the first time i learned that logging into the employer email could give them the level of control over your device. Fortunately i never have done that for the #2 reason.

      • IMongoose@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        There are usually a couple more steps beyond just signing in. Sometimes it will require an app or you get a big warning stating hey, the employer is going to gain a ton of access on here, do you agree?

    • Tricky@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      2 months ago

      This is great context, thanks.

      A followup question, if you don’t mind. I am running stock android 14, which offers multiple users. My main user account is my personal (nothing work related), and a second user account is my work profile, complete with phone-management software. The two accounts are based upon different Google accounts.

      If my work were to remote wipe, I have assumed that would only affect the (second) user profile which has those apps, and not the main user account.

      Do you know if that is correct?

      • DigitalDilemma@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        If my work were to remote wipe, I have assumed that would only affect the (second) user profile which has those apps, and not the main user account.

        My understanding is that these tools offer a factory reset, so they would wipe everything. After all - if the phone is stolen, you wouldn’t want to just wipe one profile and leave data within another.

  • Brkdncr@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    2 months ago

    Ask for a physical device like a yubikey instead of the duo app.

    Use the web browser to access email.

    • Today@lemmy.worldOP
      link
      fedilink
      arrow-up
      9
      ·
      2 months ago

      I have a 6 year old work ipad and we buy our own toner cartridges for our office printer. They’re not buying anything. They put millions into door-swiping, staff-tracking security but we have playgrounds that don’t have fences. Public education is super fucked up.

      • Brkdncr@lemmy.world
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        2 months ago

        I think they cost $20. Either this, nothing, or give in and give them access.

  • 🔰Hurling⚜️Durling🔱@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    2 months ago

    I use a S23 Ultra and have my work profile on a sandbox environment with Knox, I can also turn it off at the end of the day and while normally work could have access to my personal data, knox blocks that.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    If it’s Android, set up a work profile and put the VPN and email on that.

    • Tricky@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      A followup question, if you don’t mind. I am running stock android 14 on a pixel 6. My main user account is my personal (nothing work related), and a second user account is my work profile, complete with phone-management software. The two accounts are based upon different Google accounts.

      If my work were to remote wipe, I have assumed that would only affect the (second) user profile which has those apps, and not the main user account.

      Do you know if that is correct?

      • waz@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 months ago

        Instead of adding an account to the device with all of the management software that goes with it, one could use a generic SMTP email client (K-9 Mail?) and still get the email, but not have to worry about the privacy and remote administration concerns.

        Edit: nevermind, I skimmed the question at first, and didn’t see the duo limitation. This solution probably isn’t an option.

        • Tricky@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          Appreciate the comment, unfortunately my employer has limited access to O365 apps. I have a slightly different use case than OP

  • xmunk@sh.itjust.works
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    2 months ago

    Too much. If your work needs you to have constant email access they should pay for you to have a second phone.