Banks are strict on their work laptops.
- Everything is tunneled through VPN
- 2 FA
- geofencing at VPN level (you can't take work laptop to Russia, India, China, etc)
- everything is whitelisted. Some employees can only access x.theirBank.com, everything is else blocked. This is the case with tellers, folks in the retail banking
- even for IT/dev, one should get explicit permission to get access to youtube, github
- every work laptop comes with an agent like ZScalar, which enforces these policies by coordinating with a central server.
- 2 FA
- geofencing at VPN level (you can't take work laptop to Russia, India, China, etc)
- everything is whitelisted. Some employees can only access x.theirBank.com, everything is else blocked. This is the case with tellers, folks in the retail banking
- even for IT/dev, one should get explicit permission to get access to youtube, github
- every work laptop comes with an agent like ZScalar, which enforces these policies by coordinating with a central server.