These days, many companies provide employees with a variety of work devices from smartphones to laptops and even tablets to complete their work with. Company IT departments usually set them up with your login information, a selection of important apps and all the bells ’n’ whistles that allow you to successfully do your job.
Somewhere around day five on the job is usually when we start updating the device with our own preferences: changing the screen saver to a picture of your pet, logging into your Spotify account to queue up the perfect “working late” playlist, checking Facebook for the news of the day (oh, and to say Happy Birthday to that friend from high school), and so on and so on.
However, cyber security experts say that weaving your personal and professional lives together via a work laptop is risky business — for you and the company.
Software technology company Check Point conducted a survey of over 700 IT professionals which revealed that nearly two-thirds of IT pros believed that recent high-profile breaches were caused by employee carelessness. “The greatest threat resides in your organization,” said Check Point.
While we’ve all be warned to steer clear of NSFW (not safe for work) websites or links (cough, cough porn), there’s more than just naughty photos to avoid while using company-issued devices.
As a refresher in cyber security and smart professional practices, we reached out to the experts to tell us the six things we should never do on our work computers. Bookmark this one, it’s going to surprise you.
1. DON’T: Save personal passwords in your work device keychain.
Most of us use our work devices for eight or more hours a day. They come home with us, they become our primary device, sometimes used more often than our personal devices. Therefore, it’s so easy to click the button when prompted to “save password in keychain.” But not so fast.
According to the Society of Human Resource Management (SHRM) many companies have a clause in their computer, email and internet use policy that makes storing personal passwords a potentially precarious move. It reads:
“E-mail and other electronic communications transmitted by [Company Name] equipment, systems and networks are not private or confidential, and they are the property of the company. Therefore, [Company Name] reserves the right to examine, monitor and regulate e-mail and other electronic communications, directories, files and all other content, including Internet use, transmitted by or stored in its technology systems, whether onsite or offsite.”
It’s always important to read your company’s policies and procedures as they pertain to internet use and equipment. Know what you can and cannot do.
2. DON’T: Make off-color jokes on messaging software.
As chatrooms like Slack, Campfire and Google Hangout become increasingly handy for team collaboration, it’s easy to use them as though you were in the office break room having a gossip session with a colleague while raiding the fridge. However, those messages are being kept on a server somewhere and are just as retrievable as emails.
Slack “has access to all of your chats,” says Trevor Timm in an interview with Fast Company, “[as well as] any internal communication you may not want in public,” including private conversations. Remember to be very intentional about what you say and don’t say on chatroom platforms.
3. DON’T: Access free public wi-fi while working on sensitive material.
With so many of us working remotely or sending a few work emails over the weekend from a cafe, it’s tempting to grab your laptop and log on to free public wi-fi. After all, it’s everywhere and the boss isn’t going to wait until Monday for a review of that project. However, places that offer free wi-fi like the neighborhood coffee shop, the airport or the hotel, can open you up to fraud.
“Don’t access your email, online bank or credit card accounts when on public Wi-Fi,” says fraud expert Frank Abagnale. “This is because con artists may set up fake networks that seem like the real thing but aren’t (this is known as the “evil twin” scam).”
4. DON’T: Allow friends or non-IT department colleagues to remotely access your work computer.
“Now that remote access software is easily accessible, you have the ability to have virtually anyone you know access your computer from outside the office,” says Joe Rejeski, CEO and Founder of avenue X group. “You wouldn’t have your friend walk into the office and sit down at your computer without first checking with your boss. Beware of doing the same thing virtually.”
5. DON’T: Store personal data.
It’s so easy to have a “personal” folder on your desktop full of all of the cute photos your spouse sent of your children or to save that receipt from the plumber, but it’s important to remember that a work device is not your property—it belongs to the company.
“I knew a company that suddenly went out of business,” recalls Rejeski. “A few people voiced concerns about what would happen to their personal data (ex. tax returns) on their work computers. When the company closed down, securely erasing personal data from the work computers wasn’t exactly a priority for management. Nobody knows what happened to the computers or the personal data that was on them.”
Another thing to remember is that if you ever get let go from a company, standard HR policy is to have you leave immediately. Rejeski says, “you probably won’t have time to remove those files.” Instead, consider keeping a USB wand on your keychain to save any personal data.
6. DON’T: Work on your side hustle while at the office.
Many of us have second or third jobs that we do as hobbies or to earn extra cash, but don’t blur the lines while you’re “on the company dime.” As mentioned above, everything you do on your work device can be legally recorded by your employer and is as easy as IT pulling your data. Be careful about using your company devices for outside work. It may seem harmless, but can be the straw that breaks the camels back in a discussion with your manager or a dispute with HR.
“Even if your coworkers are doing some craziness on their work computers, you could be the one that is made an example of,” adds Rejeski.