This post was written by a guest contributor.
Too many employees do more than just work on company-issued devices. In fact, it’s easy to forget that it’s a work device in the first place. After all, it goes everywhere with you: from your kitchen on remote work days to your work bag during business trips.
It’s not uncommon for workers to use it as a personal device in some way. A quick scroll through social media here, a personal email there—it shouldn’t be a problem, right?
But plenty of people take it further, and that’s where it starts getting risky.
First, a reality check
It’s crucial to remember that a work device isn’t yours, but your employer’s—and they see more of what you do on it than you might realize. The extent to which employers perform surveillance varies, of course, but they monitor your activities, nonetheless.
Under the Electronic Communications Privacy Act (ECPA), US employers are permitted to track device activity, including emails, browsing history, location, and even keystrokes for business purposes. Some companies go further, using tools that take periodic screenshots or access webcams.
Most do disclose it in employee handbooks or contracts. The problem is that not everybody reads them thoroughly enough to notice.
In fact, according to APA's Work in America Survey, only 44% of workers are aware that their employer uses technology to monitor them while they’re working.
The smartest way to use your work device is to pretend that your boss is constantly watching over your shoulder. The reality isn’t too far off anyway.
With that in mind, here are seven things you should never do on a work device.
1. Install unauthorized software or apps
The term “shadow IT” refers to the installation of tools or software that haven't been approved by the company's IT department. It’s common with work devices, and it’s one of the biggest sources of cybersecurity headaches.
But it’s rarely a case of installing such tools maliciously. Most of the time, someone might just find a useful browser extension, download a free PDF converter, or install a productivity app they loved at a previous job. Although it seems harmless, it often isn't.
After all, some of the most common ways malware gets injected into devices or data gets quietly siphoned include:
- Freeware and free browser extensions
- Pirated or cracked software
- Screen recorders and PDF converters from unknown developers
Even tools from well-known developers can cause problems if they haven't been vetted against your company's security setup.
This is why most organizations have an official list of approved software. If you want to use a tool that’s not on the list, or if your company doesn’t have one, at least consult your IT department first.
2. Save personal files, photos, or documents
Work laptops make convenient storage. They're fast, portable, and have plenty of space. It's tempting to save personal files on them, whether that be family photos or a copy of your lease.
Doing so isn’t as much of a security concern for the company as Shadow IT is, but it’s a personal concern for you as the file owner.
At any time, your device could break down and need to be sent in for repair. When this happens, your files might get wiped. Or, if you leave your job or get fired, you may have little to no time to retrieve personal files before the device is reclaimed or remotely wiped.
At the end of the day, anything stored on a company device, in a practical sense, belongs to your employer. Use your own devices or a personal cloud storage account instead.
3. Let family members or friends use it
If you shouldn’t use your work device for anything outside of work, neither should anyone else. But what if your partner needs to print something quickly, or your kid wants to look something up for a school project? What's the harm in a few minutes?
Quite a bit, potentially. Especially with kids or anyone who doesn’t know you’re using a work laptop. They could accidentally:
- Delete or move important files
- Download something harmful
- Access or expose confidential company information
Beyond these risks, most corporate IT policies explicitly prohibit anyone other than the assigned employee from using a work device. Harmless as it may seem, it's best not to give your company a reason to reprimand you.
That said, life happens. If there’s an urgent need for someone else to use it, at least be right there with them as they use your work device.
4. Use it on public Wi-Fi without protection
With remote work being so common now, work devices find themselves in coffee shops, airport lounges, and hotel lobbies as often as they do in the office or at home.
Most people use public Wi-Fi networks in these places without a second thought, but they’re actually not as secure as the connection you have at home or at the office. Often unencrypted, it’s easier for cybercriminals to see—and steal—the data you're sending or receiving over these networks. That includes emails, login credentials, and any work files you're accessing while connected to it.
This isn’t to say you can’t use public Wi-Fi, but you need to secure your connection with privacy tools, like Surfshark's VPN. Many companies include VPN requirements in their IT policies—so if yours does, it's worth knowing and having one ready before your next coffee shop session.
5. Do personal banking or online shopping
What’s the risk when you log into your bank account, order something online, or check your credit card statement during your lunch break? Well, more risk than you might realize.
Don’t forget that many companies track work devices by taking periodic screenshots or logging keystrokes. This means every password and account number you type could be logged without you knowing it.
Additionally, if your work devices ever get infected with malware—which can still happen even on well-maintained company devices—your personal banking details go down with it. After all, hackers also target businesses, and if they succeed, both your work files and personal information get compromised.
Save personal finance tasks for your phone or a personal computer. Remember that the more devices you use to access sensitive accounts, the more entry points there will be for someone who shouldn’t have access. Your work laptop shouldn’t be one of them.
6. Access non-work-related sites
This one might seem too obvious that it should go without saying, but people still do it, so it’s worth bringing up, nonetheless. Adult content, gambling platforms, and piracy sites are accessed on work devices more often than employers or employees would probably like to acknowledge.
Not only do most companies log browsing history for work devices, but these sites are also common sources of malware and spyware. And of course, accessing inappropriate content on a work device is a ground for termination at virtually every US company.
7. Run a side hustle or personal business
The freelance economy is booming, and plenty of full-time employees have side gigs. There's nothing wrong with that, but there’s plenty wrong with doing so on a work device.
Not only does it certainly go against your employer’s rules and risk your job, but most US employment contracts include clauses stating that any work created using company resources—including company devices—belongs to the employer.
This can include anything you’re working on for a client. A product you designed or code you wrote could legally become your company's property, not yours.
This clause is especially common in tech, creative, and knowledge-work industries. It’s a clause that, once again, often goes unnoticed, as it’s usually buried in onboarding paperwork.
If you have a side hustle, protect both yourself and your client by keeping it entirely off company equipment.
Emphasizing ‘work’ on work devices
Rarely are these things done out of ill intent. Often, it’s about convenience and habit—a result of blurred boundaries between work and personal life.
At the end of the day, however, it’s your employer’s device. Everything on it is beholden to their policies, visibility, and legal rights.
This doesn’t mean you should feel paranoid; it just means you should be deliberate. Draw clear boundaries on what and what not to do on a work device and protect your data, reputation, and career.