A former IT pro turned end user explains why blending your work and personal tech was, is and always will be a bad idea for you and your employer.
In the age of remote work, it’s easier than ever to blur the lines between our personal and professional tech. Maybe it’s sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet.
None of these actions may sound like a particularly risky activity, but as a former “IT guy” I’m asking, nay pleading, with you to stop doing them, or at least the potentially more hazardous ones, such as storing personal data on your work machine or storing sensitive company data on your personal devices. Do it for the security of your employer. But more importantly, do it for the safety, privacy and wellbeing of yourself, your family and friends.
Cybersecurity incidents can have serious negative consequences for both your employer and you. And even if an actual security breach or data leak doesn’t occur, you could be reprimanded, demoted, fired, sued or even criminally prosecuted. Take the case of former CIA director John M. Deutch.
An ex-CIA director, work laptops and porn sites
In 1996, as Deutch was leaving his position as Director of Central Intelligence, he asked if he could keep his government-issued computers because they contained his personal financial information, and he did not own a personal computer to which the data could be transferred. (This seems incomprehensible today, but it was very common at the time.)
The government agreed to loan the computers to Deutch basically under the condition that he become an unpaid government consultant, not use the computers for personal work and buy a computer to which he could transfer his personal data. Fast forward a few years and it’s discovered that the government computers, now at Deutch’s Maryland home, had been connected to the Internet and that their hard drives contained classified information. Deutch also told government investigators that family members had access to the computers, including his wife, who “used this computer to prepare reports relating to official travel” with Deutch and another family member who used the computer “to access a university library.” It was also reported at the time that the “other family member” was Deutch’s son, who in addition to accessing those university resources also visited several “high-risk” porn sites, one of which had placed cookies on the computer.
Now, there was no evidence that Deutch was selling government secrets or that the top secret information on the machines had been compromised. But as a result of the incident, Deutch’s security clearance was revoked and he agreed to plead guilty to a misdemeanor charge of unauthorized removal and retention of classified documents or material and pay a $5,000 fine (about $8,000 today). Deutch was eventually pardoned before the plea agreement could be processed by the court, but needless to say the incident was a huge headache for Deutch and the CIA.
Over half of people are using work machines for personal stuff and vice versa
And if you think Deutch’s story is an isolated case or that fewer people are making the same mistake because personal computing devices are ubiquitous today…think again.
A survey conducted in August 2020 by antivirus vendor Malwarebytes asked respondents how they used their work devices. The company found that 53% reported sending or receiving personal email, 52% read news, 38% shopped online, 25% accessed their social media and 22% downloaded or installed non-company software.
And then of course there’s the flip side, using a personal device for work. A report from cybersecurity vendor Morphisec released in June 2020, found that 56% of employees reported using their personal computer as their work device. And according to a 2020 survey by antivirus software maker Kaspersky, 57% of respondents said they checked work email on their personal smartphone and 36% did work on their personal laptop or desktop. Only 30% said they never used a work device for personal activities.
Keep in mind, however, that survey respondents don’t always provide completely accurate data. They may have forgotten past events or may omit information due to embarrassment or fear of potential negative consequences. As such, I suspect these figures undercount the number of folks who are actually blending their work and personal tech.
Co-workers could be watching you
And if Deutch’s story isn’t enough to discourage you from using a company-issued device for personal activities and vice versa, consider this…more employers are monitoring activity on corporate devices as more employees work from home due to the COVID-19 pandemic.
Writing for TechRepublic, Owen Hughes cites research from Skillcast and YouGov that shows one in five companies (20%) are “using technology capable of tracking workers’ online activity, or have plans to do so in the future.” In an article for ZDNet, Hughes also references a study by the UK’s Trades Union Congress (TUC) that found “one in seven employees reported that their workplace had increased monitoring and surveillance since the start of the pandemic.”
Do you want to take the chance that a co-worker could see highly personal photos, read your texts or emails, or access your sensitive documents? Trust me, you don’t.
Cleaning off a work machine is a pain
Even if nothing “bad” happens, there are still headaches from blurring the lines between your personal and professional tech.
What happens when you get a new machine? What happens if you change jobs? In both cases you’ll need to clean your personal data off the work machine before you give it back to IT. And depending how much personal data has accumulated on the device and how you’ve organized it, the process can be extremely complicated and take a significant amount of time.
Also, simply copying and deleting the personal data won’t completely protect your privacy. To really keep your personal information, well, personal, you’d need to wipe the machine’s hard drive or physically destroy the drive, something which will likely raise red flags with your company’s IT department.
You also run the risk of losing access to your data permanently if you fail to copy it all and the machine’s drive is wiped or destroyed as part of your employer’s computer equipment disposal policy.
Mixing personal and work tech: Just don’t do it
I know it’s hard not to grab your work laptop or tablet off the kitchen table and use it to help your kids with their homework or complete that home loan application you’ve been working on. So many of us have been working from our living room couches and kitchen tables for the past year, that the line between our work and personal lives has never been more blurred.
Indeed, many hardware manufacturers have played to this fact by marketing their products as being able to securely handle both work and play. But even with these solutions, there’s only one way to completely protect ourselves from suffering the same fate as Deutch: keep our work and personal tech separate. And there are plenty of great laptops, smartphones and tablets out there to help us do it.
Editor’s note: This story originally appeared on TechRepublic’s sibling site ZDNet.