Is Your Work Laptop Secure?
Here’s what you should and shouldn’t do on your work computer to protect your personal data.
As we continue to WFH longer than any of us anticipated, our personal spaces have started to intermingle with the devices we use for work. For example, where does my kitchen table end and my desk begin? And for that matter, when does my morning routine end and my first hour on the clock begin?
Of course, there is a certain etiquette when it comes to using our work computers. We want to protect our personal information and not violate any company policies. But then there are the accounts that are managed through our companies, like our 401(k)s and our health insurance. In those cases, where should employees draw the line when it comes to accessing personal information on a company device?
Given the sensitive nature of personal accounts, it’s vital to know if we can trust our employers with this information and whether they are keeping it secure.
Accessing your 401(k) at work
It turns out that many Americans—at least 63%—are not too savvy when it comes to our 401(k) retirement plans.
If you do want to check and see how much your 401(k) has accumulated, doing so from your work computer doesn’t pose an immediate threat—especially if your company has solid security policies, or uses Dashlane, which lets you easily differentiate business and personal accounts, and protects your passwords from anyone but you.
Accessing medical records and health insurance at work
If you receive insurance through your employer, it may be tempting to access your insurance plan, schedule doctor appointments, or pay medical bills in between work tasks, neglecting to use your own device. Is this inherently risky?
According to Balance Careers, your company’s HR department retains medical records for each employee, including insurance information, requests for paid or unpaid medical leaves of absence, physician’s examinations, notes, correspondence, recommendations, and more. Human Resources has a legal obligation to protect this information, required by HIPAA, and it must be stored separately and more securely than other business documents. Likewise, HIPAA prohibits employers from accessing patient records and health insurance claims.
There’s really no need to book appointments or look up specific insurance claims on your work computer, especially if you have a password manager and don’t need to remember complicated logins for your devices. Unfortunately, there is such a thing as “medical identity theft” (we cover what to do if you encounter it here), so be sure to handle your own medical records and accounts with as much care and protection as your employer is legally obligated to.
Passwords to personal accounts
For some companies, working from home means an uptick in employee surveillance. Earlier this year, the New York Times reported that there was a surge in the demand for software that monitors employees since pandemic-related safety measures began. This type of software is capable of things like tallying the number of words typed and taking screenshots of employee computers throughout the work day. Some surveillance software, like Hubstaff, which is used by Wall Street firms, goes as far as to track employees’ locations throughout the day.
So can your employer—or anyone else—capture your personal information through a screenshot of your computer? Employees are notified when the Hubstaff software takes a screenshot, and they have the option to delete it. The other measures of monitoring employee productivity like GPS tracking and reports of keyboard and mouse use, while invasive, do not give employers access to your personal accounts or information. No matter what surveillance measures your employer uses, though, they must comply with the Employee Online Privacy Act, which protects your personal communication and accounts.
Communication on work channels
Many experts say that you should never assume that what you’re doing on a work computer is private. This mantra should certainly be applied to your communication on work channels, such as Slack and email. If your company uses a password manager, there’s no need to share passwords over Slack or documents like Excel, which are both risky ways to share sensitive data. As far as saying something over Slack or Gmail that you wouldn’t want your boss to see, the short answer is: Don’t do it. Curious as to whether your boss is reading your Slack? We go into detail about that here.
While there are ways for your company to monitor your work activity, your company likely has your best interests in mind when it comes to your personal data. The best policy is to be proactive about your own personal data and familiarize yourself with company policies to ensure they are doing the same—like proposing a password manager to your boss.
Just remember to scrub your work computer of all your personal information before it is out of your hands.