There are a lot of risks that come with using your work computer for non-professional reasons. Do you know what they are?
Using your company-provided computer for personal reasons can be both easy and tempting. Half of the polled workers in this recent study admit to doing so.
Checking your social media, answering emails, and streaming a show on Netflix are many ways to kill time on a work device. You may not know that it’s not safe to do so.
This is precisely what Nexus IT Consultants CEO Earl Foote recently talked about on KSL TV.
“While this problem existed before COVID, through hybrid and WFH arrangements, the worldwide pandemic has spawned mass adoption of personal devices for corporate use, or corporate devices for personal use,” says Earl. “Both scenarios are massively risky to employers and employees’ privacy.”
In a nutshell? No, you shouldn’t use your work devices for anything other than work.
No matter how harmless the activity may be, it opens your company and yourself up to serious risks, none of which can be dealt with by clearing your browser history. As a rule of thumb, you should stick to working on work devices and limit personal activity to devices you own directly.
You can expose your company to serious cybersecurity risks by checking your email.
The fact is that, no matter how well-protected your work email account may be, the exact likelihood isn’t true of your personal email account. That means you (and the business network on which your work device is running) are vulnerable to phishing scams.
Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources to get recipients to infect them with ransomware, reveal sensitive information or execute significant financial transfers.
Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as attachments. If you were to open a phishing email on a work device, you could infect the entire business network.
It’s not just the business at risk—you are too. Everything you do on your work computer is monitored in one way or another by the IT department.
They don’t do this to spy on employees but to mitigate the chance of a cybersecurity breach. However, if you choose to read private emails, access personal banking accounts, or interact with other personal data, there’s nothing to prevent the IT team from seeing that. In rare cases, a malicious insider on the IT team may steal your data and use it for their own gain.
“This is not super common, but you sometimes have situations where you have what we call a rogue insider in an internal IT department, who is gathering private data of other team members. They might be stealing information about bank accounts or getting into their personal Gmail accounts and executing phishing campaigns and things like that,” Earl told KSL TV. “Those malicious insiders, or rogue insiders, are real.”
A malicious insider is anyone with legitimate access to your business’ network and sensitive data who decides to exploit the privilege for financial gain or out of spite.
Of the 4,716 insider incidents studied by the Ponemon Institute and IBM in the Cost of Insider Threats: Global Report 2020, 23 percent were related to criminal insiders. Moreover, the report pegged the annual cost to companies due to criminal insiders at $4.08 million.
“We deploy technologies that help us monitor computer activity,” Foote said. “Activity that can be malicious, nefarious, or cause vulnerabilities.”
Lastly, it’s important to remember that anything you do on your work computer will reflect your performance as an employee. If you’re spending all your time on social media or YouTube, someone is bound to find out, given that your device is being monitored.
All of this shows why you shouldn’t use your work computer for personal reasons. It could hurt your business, personal privacy, and career.