[__d]

Perhaps the easiest technical solution would be a cheap phone and a plan that allows tethering? That gets it off your network and your personal public IP for $NOTMUCH/month.

It's still possible that your employer might use their laptop's WiFi, Bluetooth, microphone or camera to do various nefarious things, but ... unless you're genuinely worried about nation-state level shenanigans, I think that'd be excessively excessively paranoid.

Either way: distrusting your employer this much might indicate that it's time for a new job?

[guuggye]

I don't distrust them so much and I think an administrator would have better things to do. That said, I'd prefer not giving them the opportunity and if it's at all practical "better safe than sorry" as they say.

Thanks for the suggestion.

[__d]

Fair enough.

The other thing you might consider is a separate VLAN for your work equipment. This won't address the public IP concerns, but will separate your work and personal network traffic.

It would require decent spec switch, router and WiFi though: most likely not what you already have unless you have enterprise-style gear. And given it doesn't address the public IP issue, overall a cheap tethered phone is possibly both better and cheaper.

[necovek]

With a bit more effort, OpenWRT on comodity hardware can achieve that as well.

[guuggye]

Thank you both. I typically log onto a separate "guest" Wi-Fi network that I enable through my router. Though maybe that's not exactly the same?

I'll need to double check the settings to be sure about the network isolation.

But as mentioned that still doesn't address the public IP concerns.