By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

In the age of remote work, it's easier than ever to blur the lines between our personal and professional tech. Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. None of these actions may sound like a particularly risky activity, but as a former "IT guy" I'm asking, nay pleading, with you to stop doing them. At least the potentially more hazardous activities, such as storing personal data on your work machine or storing sensitive company data on your personal devices. Do it for the security of your employer. But more importantly, do it for the safety, privacy and wellbeing of yourself, your family and friends. Cybersecurity incidents can have serious negative consequences for both your employer and you. And even if an actual security breach or data leak doesn't occur, you could be reprimanded, demoted, fired, sued or even criminally prosecuted. Take the case of former CIA director John M. Deutch. In 1996, as Deutch was leaving his position as Director of Central Intelligence, he asked if he could keep his government-issued computers because they contained his personal financial information, and he did not own a personal computer to which the data could be transferred. (This seems incomprehensible today, but it was very common at the time.) The government agreed to loan the computers to Deutch basically under the condition that he become an unpaid government consultant, not use the computers for personal work and buy a computer to which he could transfer his personal data. Fast forward a few years and it's discovered that the government computers, now at Deutch's Maryland home, had been connected to the Internet and that their hard drives contained classified information. Deutch also told government investigators that family members had access to the computers, including his wife, who "used this computer to prepare reports relating to official travel" with Deutch and another family member who used the computer "to access a university library." It was also reported at the time, that the "other family member" was Deutch's son, who in addition to accessing those university resources also visited several "high-risk" porn sites, one of which had placed cookies on the computer. A survey conducted in August 2020 by antivirus vendor Malwarebytes asked respondents how they used their work devices. The company found that 53% reported sending or receiving personal email, 52% read news, 38% shopped online, 25% accessed their social media and 22% downloaded or installed non-company software. And then of course there's the flip side, using a personal device for work. A report from cybersecurity vendor Morphisec released in June 2020 found that 56% of employees reported using their personal computer as their work device. And according to a 2020 survey by antivirus software maker Kaspersky, 57% of respondents said they checked work email on their personal smartphone and 36% did work on their personal laptop or desktop. Only 30% said they never used a work device for personal activities. Keep in mind however, survey respondents don't always provide completely accurate data. They may have forgotten past events or omit information due to embarrassment or fear of potential negative consequences. As such, I suspect these figures undercount the number of folks who are actually blending their work and personal tech. Even if nothing "bad" happens, there are still headaches from blurring the lines between your personal and professional tech. What happens when you get a new machine? What happens if you change jobs? In both cases you'll need to clean your personal data off the work machine before you give it back to IT. And depending how much personal data has accumulated on the device and how you've organized it, the process can be extremely complicated and take a significant amount of time. Also, simply copying and deleting the personal data won't completely protect your privacy. To really keep your personal information personal, you'd need to wipe the machine's hard drive or physically destroy the drive, something which will likely raise red flags with your company's IT department. You also run the risk of losing access to your data permanently if you fail to copy it all and the machine's drive is wiped or destroyed as part of your employer's computer equipment disposal policy.Further details can be found on OUR FORUM.