(Un)Safe as Houses: Why Using Work Equipment at Home Can Be a Security Risk

These days, using work equipment outside the office is commonplace. With flexible and remote working becoming increasingly the norm, employees are often reliant on company phones and laptops to do their jobs effectively.

And on one hand, this is a positive thing from a security standpoint. Staff doing sensitive or confidential work on their own devices is never a good idea – personal smartphones, laptops, even home PCs are very rarely properly secured, and the possibility of data leakage is extremely high. 

So with remote work on the rise, it is only sensible to provide dispersed teams with properly configured and secured tech to do their jobs. 

But in this more flexible age, the lines between personal and professional hardware are often less defined than they once might have been. If you are working from your company laptop it is only natural to do a few personal tasks at the same time or once you’ve clocked off, or to send personal texts or emails from your work phone. What’s the harm, after all?

A work laptop might even become something of an additional resource for the whole household. If one kid is doing their homework on the main computer, then another might use your work laptop for a Zoom seminar with their teacher. Your partner might borrow your work tablet to stream a few videos while they are in the bath. Again, what’s the big problem?

While none of these things might seem incredibly insecure on the face of it, in reality, they represent a serious potential vulnerability in your organization’s network, and might well result in a damaging breach. If you use your work machines for personal tasks you also run the risk of putting the safety and privacy of your family at risk!

Research shows that the majority of employees use their work devices for personal tasks. Most just use them to send and receive emails or read news websites, but a significant minority shop online, use social media, and download and install non-work-specific programs. And that is before you get into the problems with other members of your family accessing your work hardware for their own personal use!

Downloading non-work-specific software onto a work device automatically creates a weak spot in your organization’s cybersecurity. It means the first line of defence is breached, as the software itself will not have been checked and secured, and it has now gone beyond the first security checkpoint, so to speak, with potential access to the wider network. 

But breaches due to improper use of work equipment don’t only come about through deliberate, if unthinking actions. They can happen by accident extremely easily. 

For example, an employee for a big consultancy company, Bob, does most of his work from home on a work laptop. His two daughters also use the laptop as their mum also works from home on the main computer. One of his daughters spends a lot of time playing Roblox, and on one occasion clicks on a pop-up advert and inadvertently downloads and installs a program. She closes the pop-up window immediately and doesn’t think about it again. 

However, malicious spyware has now been downloaded onto the device. It logs all of Bob’s keystrokes and steals the log-in credentials for his work network, giving the bad actors on the other end access to his company’s servers. It spreads through Bob’s home internet network, infecting all the devices in the home, and breaching a number of sensitive and personal websites. To top it off, when Bob goes into the office the following week and connects his laptop to the internal network, the spyware spreads throughout the entire company, causing a total shutdown and a ransomware crisis. 

This is obviously an extreme example, but it really isn’t unthinkable. And security breaches thanks to inappropriate use of work equipment at home are far more common than you might think. And even if the worst doesn’t happen, blurring the lines between your work and home hardware can cause significant problems for you.

Imagine the embarrassment you would face at work if it turned out that your kids had been using your work laptop to look at inappropriate websites, or using your work phone to send stupid or abusive social media posts. What might be suitable behaviour online in a personal capacity could easily cross a line when it comes to expected professional behaviour.

Plus there is the privacy angle to consider. Changing jobs or upgrading hardware at work might mean losing a whole bunch of personal data. It certainly means you’ll have to do a thorough sweep-and-delete process before you hand back your old machine to IT. You put your privacy at significant risk, as deleting information properly can be a tricky business without physically destroying the hard drive…something that is unlikely to go down well with management!

Overall, while tempting and convenient, using your work equipment for personal tasks just isn’t worth the hassle. It can have serious repercussions for your organization’s security and can result in a breach of privacy for you and your family as well! So stick to work on your work devices, and personal matters on your personal devices, and you won’t regret it.

Connections Blog

Benefits of Auditing Your IT Department 

IT auditors often have to spend quite a lot of time persuading businesses that organizing an audit of their IT department is valuable and worthwhile. Organization-wide audits often include...

read more
Share This