In a few years, employers are going to start screening for and rejecting / hiring employees based on how secure they think they are in their personal lives.
A user who is compromised in their personal/computer life is 99% going to be a user who is later compromised in their work/computer life.
From a legal scholarship point of view, this is going to initiate some very interesting federal court cases. Like for instance, can an employer mandate that their already hired employees use an iPhone in their personal life? Can they require that all of their employees use a password manager? What about a specific brand of password manager? The questions are endless.
Yes, an employer can mandate that employees use password managers for work-related accounts and are already doing it, from my experience. Also, for the precise reason you say, corp accounts exist. Employees in some companies already can't turn off 2FA for some accounts whether they want it or not.
Let's not reinvent solved problems. Questions are not endless.
They can certainly require that they use separate company-provided phone, computer, etc. to access company IT resources using 2FA etc. Security-sensitive organizations already do this.
In general, things have gotten much looser about this in many places, but it's entirely possible that there could be a reversal if organizations start thinking DIY exposes too much risk.
As for what they do in personal lives, that's generally going to be a lot harder (and less appropriate) to police.
The engineering list is a decent start! Multiple vulnerability categories I see day to day appear to be missing though, such as race conditions, direct object references, and file inclusions. Would be nice to add a slide stating "Don't trust user input".
If anyone is interested in security training, or looking for an application security review, feel free to get in touch with us! https://www.oneupsecurity.com/
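The three categories the comment above says are missing from the slides (direct object references, file inclusions, race conditions) all come down to the same slide it asks for: don't trust user input. The following is an added example, not code from the slide deck or from the commenter, showing each weakness beside its hardened form on constructed in-memory data (the `DOCUMENTS`, `TEMPLATES`, and `Account` names are hypothetical).

```python
"""Added example: three "don't trust user input" patterns, each shown as the
vulnerable handler beside the hardened one. All data is constructed in-memory;
nothing here is from the original slides or the commenter."""
import threading
from dataclasses import dataclass


# --- 1. Direct object references -------------------------------------------

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample rows standing in for a database table.
DOCUMENTS = {
    1: Document(1, "alice", "alice's notes"),
    2: Document(2, "bob", "bob's invoice"),
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested object."""


def get_document_vulnerable(user: str, doc_id: int) -> Document:
    # Trusts the id from the request: any authenticated user reads any row.
    return DOCUMENTS[doc_id]


def get_document_checked(user: str, doc_id: int) -> Document:
    # Authorization comes from the server's own ownership record, never from
    # the identifier the client chose to send.
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner != user:
        # One error for "missing" and "not yours" avoids confirming which ids exist.
        raise Forbidden(f"user {user!r} may not read document {doc_id}")
    return doc


# --- 2. File / template inclusion -------------------------------------------

# Allowlist: the request may only name a key in this fixed mapping.
TEMPLATES = {"header": "<h1>Site</h1>", "footer": "<p>(c) example</p>"}


def render_include_checked(name: str) -> str:
    # Exact-match lookup; the user-supplied string is never turned into a path.
    if name not in TEMPLATES:
        raise ValueError(f"unknown template {name!r}")
    return TEMPLATES[name]


# --- 3. Race conditions (check-then-act) ------------------------------------

class Account:
    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int) -> bool:
        # Unlocked check-then-act: two concurrent callers can both pass the
        # balance check and together overdraw the account.
        if self.balance >= amount:
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount: int) -> bool:
        # The check and the update form a single critical section.
        with self._lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def run_concurrent_withdrawals(account: Account, amount: int, workers: int,
                               locked: bool = True) -> int:
    """Run `workers` simultaneous withdrawals; return how many succeeded."""
    fn = account.withdraw_locked if locked else account.withdraw_racy
    results: list[bool] = []

    def worker() -> None:
        results.append(fn(amount))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    print(get_document_checked("alice", 1).body)
    acct = Account(100)
    print("successful withdrawals:", run_concurrent_withdrawals(acct, 60, 5))
```

The locked withdrawal is the one to copy: with a starting balance of 100 and five threads each asking for 60, exactly one call succeeds and the balance ends at 40, whereas the racy version only behaves under light load because nothing ties the check to the update.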