I guess I dont see how assignment of blame plays into the equation here. If I have a work phone with only work-sanctioned apps on it, and one of them has bad security and gets compromised, that’s very much the employer’s problem because it is happening to their system via their device over an attack vector they told you that you could or must put there.
They can choose to blame you and discipline or fire you, but that still doesn’t make the app’s security flaws affect your personal security, because those flaws didn’t let the attacker into anything of yours or see any data you own. Blaming me for that may happen, but that’s just bad management and an entirely separate issue.
Airgapping your work and personal lives makes a lot of sense for this and other reasons, and it makes even more sense if your employer is trash.
I guess I dont see how assignment of blame plays into the equation here. If I have a work phone with only work-sanctioned apps on it, and one of them has bad security and gets compromised, that’s very much the employer’s problem because it is happening to their system via their device over an attack vector they told you that you could or must put there.
They can choose to blame you and discipline or fire you, but that still doesn’t make the app’s security flaws affect your personal security, because those flaws didn’t let the attacker into anything of yours or see any data you own. Blaming me for that may happen, but that’s just bad management and an entirely separate issue.
Airgapping your work and personal lives makes a lot of sense for this and other reasons, and it makes even more sense if your employer is trash.