Would this be misconduct?

[MeatPotatos]

We all have work laptops to WFH and bring to the office on office days
The laptos are registered with the IT team of course

Colleague uses their own PC at home and is now buying a new laptop especially for when they want to work from a coffee shop or somewhere else because they don’t like the brand used by our company

I warned colleague that this might be a breach in the contract and against the company’s policies but they don’t care

I was going to check the contract and policies myself but forgot. Anyway it is not my problem but I’m just curious, this is not the done thing right?

It's usually impossible OP. We need to log into the work VPN before accessing anything and it's software you can't just download off the internet.
Your job must be pretty lax if people are even able to use their own machines

Like PP, it wouldn't be possible where I work either.

However, where DH works it definitely is possible because he does it. He uses his Mac for some things because he finds it easier. It's a small, relaxed company and they don't mind. Tbh, they'd be pretty unreasonable to mind because his personal laptop was the only thing he had available to use throughout covid because they didn't supply him with a laptop to wfh on.

Surely this is massively field specific.
This wouldn't be an issue in my job. My DP couldn't even find out the days he's rotaed to work this week as they can't see anything unless there on a work laptop.

We'd just log into teams/outlook/remote desktop through the browser. No big deal.

There is no VPN - you just need to log in with your work email apparently. Some people also use their phones.

As long as there is appropriate authentication on the systems accessed for work, I don’t see an issue.

MFA takes care of security concerns, mostly.

With MS Office 365, whith everything cloud based, a VPN isn’t used I don’t think. You can log in on any device from anywhere, though your employer might have geographic restrictions, using secure MFA and MS Authenticator.

We don't just use the same MS Office that everyone else does...There are additional layers tying the Microsoft native authentication methods to our internal ones.
For example we don't login with a username password or authenticator. Once we login to our work laptops, we type in our Microsoft username and it logs us into the apps.
I don't know whether it directly ses a token stored on our machines, or it does additional validation based on said token (or maybe the user profile of the machine).
But, it has no password so It's impossible to just download the app and use it on any device.

We have virtual desktops, but there are multiple levels of authentication to access systems. We can use our own laptop/PC or the company-provided one when WFH, but are strictly forbidden from using unsecured public networks such as those in coffee shops. I would imagine this is a common policy for anyone who has access to any sort of sensitive data.

It depends where you work. It's fine where I am now (and indeed very common - people would often use a work laptop and personal tablet, for example). In my last job it may well have been gross misconduct.

You've warned her. If you're not her boss and have no responsibility over her doing this, then just leave her to it.

We use our own laptops at home.

We aren’t issued with company ones.

So yes it’s possible.

The company may have a Use Your Own Device policy, it’s quite common in private sector businesses

It depends on the IT and data security policies. Dh was not allowed to login outside office or home, only on issued equipment.

When the pandemic hit we were sent to WFH and it was expected that we used our own as they didn't provide company ones until about 18 months in! I still use my own at home and a work one in the office, no idea if it's allowed but would be hard to enforce as they expected us to use our own initially! And yes, we have a Remote Desktop for secure systems but most work is just office 365 that can be logged in to from any device.

Same for us when the pandemic hit, we had to download a Citrix virtual desktop thing and use our own laptops until we were sent work ones.

OP, as your work systems don't sound very secure or complex then what difference will your colleague using their own laptop make, and how will anyone know?

It will depend on their company policies. Often there is an End User Agreement/Acceptable Use Policy that employees sign to agree they will follow the rules in place. These rules usually cover things like:

• suitable passwords/device authentication
• suitable work environments
• whether work content can be accessed over public WiFi
• what kind of anti-virus/firewall needs to be installed on a device used to access work content
• whether Bring Your Own Device can be utilised

If she has agreed to these policies and knowingly breaches them then it would be misconduct, if as a result of that breach confidential company data is leaked or systems are breached then it would be within their rights to escalate that to gross misconduct.