If you use a work-issued laptop or desktop computer, you’ve likely been tempted to check your personal email, store private files on the company’s Google Drive, or avoid work entirely by diving into a research rabbit hole that has absolutely nothing to do with your job. You probably shouldn’t do any of this on a computer provided by your employer.
Employers can install software to monitor what you do on your work-issued laptop or desktop. In the most watchful of workplaces, this may include keyloggers that can see everything you type or screenshot tools that track your productivity. What type of surveillance and security software is installed on your company computer is often based on two factors: how large the company is (and what resources it has to dedicate to this) and what type of information you deal with in your role. If you work with sensitive materials, such as health records, financial data, or government contracts, you can count on your employer keeping a careful eye on what you do.
For most of us, the fear of being heavily surveilled at work is unwarranted. Jesse Krembs, senior information security analyst at The New York Times, said, “Without supporting evidence, at scale this is pretty rare. It tends to generate a lot of useless data, rope the employer into liability issues, and generally make the team that monitors these surveillance systems miserable. That being said, almost all large companies have a targeted program for doing this, especially for dealing with suspected insider threat or fraud.”
Even if your every move isn’t being watched, it’s still best to assume your work computer is monitored and act accordingly. Here are some less obvious tasks you should be mindful of.
Don’t store personal files on your work-issued laptop or phone
Every security expert I spoke with mentioned one no-no: storing personal files on an employer-issued phone or computer. If you’re fired, your laptop is usually the first thing it’ll take from you, and if your company ends up in a lawsuit, any files on your laptop or desktop are fair game. Tracy Maleeff, an information security analyst at The New York Times, pointed to security concerns as well: “From the employer’s perspective, it just adds to the threat model of potential infected documents.”
Isaac Blum, director of applications and system services at logistics real estate company Prologis, added that even if you feel like you have job security, you might not have data security, depending on the security tools your company uses. “Some of these tools, if they detect a breach, they’ll start wiping files,” Mr. Blum said. If your computer gets infected with malware, the security measures taken to try to get rid of problems might clear out your personal files, too.
Don’t use Google Docs, Slack or similar tools for anything you don’t want your employer to see
Since it’s online and not software installed on our computers, it’s easy to think of G Suite, which includes services like Gmail, Google Docs, and Sheets, as private productivity software. But the Freedom of the Press Foundation notes several reasons you shouldn’t use a company-issued Google account to store your private data.
Administrative users with G Suite Enterprise can search for specific phrases in an employee’s emails and documents, just like you can in your own account. Employers can set up audits to be notified of suspicious behavior and create custom scripts for retaining data.
For example, an employer could establish a process by which your email drafts are saved even if they’re never sent. If you’ve ever considered drafting a resignation email calling your boss a jerk, do so elsewhere.
As for non-Gmail employee email accounts, you can safely assume they’re being monitored too. Mr. Blum said, “We can see people’s emails. There’s only a select few people, but nothing is technically not viewable.” Due to the risk of sharing insider information, the number of individuals who have access to employee emails is usually small.
The same goes for chat software, including Slack. Admins have access to private messages, and Slack saves messages on its servers.
You should avoid signing in to other personal messaging apps, like Apple Messages or Google Hangouts. Not only would your employer potentially have access to those messages, but you also make yourself susceptible to embarrassing moments, like receiving a private message when you’re screen sharing. If you want to trash-talk your co-workers or your company, do it over a third-party app (like Signal) on your personal phone.
Assume your internet traffic is monitored
Your employer almost certainly monitors your internet traffic. But beyond watching out for the obvious stuff, this probably isn’t as nefarious as you think. Blum said it’d be aware of “basic web traffic” only. Though, if you’re routinely not getting your work done, don’t be surprised if a boss rolls out data on how much time you spend scrolling Facebook.
If you think you can use a VPN to hide what you do, think again. “We deploy endpoint protection,” Mr. Blum said. “Even in the event you install a local VPN on a laptop, we can still see the DNS traffic. We have an agent so when it connects back up, it’ll shoot over whatever history was there. But while you’re connected to the VPN, it’ll still be anonymized by the VPN you’re using.”
Even if your employer doesn’t care much about your browsing habits, it’s still best to avoid doing any personal business — like side hustles or hobbies — on your work computer. But you don’t have to be paranoid about everything. “You can pay all your bills,” Mr. Blum noted.
“That’s not the kind of thing people should be concerned with.” Joanna Grama, senior consultant at Vantage Technology Consulting Group, suggested, “Use your smartphone when you want to access your personal social media.”
Be more careful with your computer when you’re in public
You should treat your work computer with the same care as you would your personal computer. That means being secure on public Wi-Fi and using common sense. Ms. Maleeff suggested using a VPN for public Wi-Fi (Wirecutter recommends using TunnelBear).
Ms. Maleeff also suggested locking your computer when you step away from it. “I have a great story of a U.S. government employee traveling next to me on Amtrak who left his laptop open and unlocked while he left his seat,” she said. “Without even touching the computer, I was able to determine a lot of information.” If you’re at a coffee shop, on an airplane or train, or anywhere else in public, log out or shut your laptop.
How to see what’s running on your computer
When you use employer-owned equipment, it’s good to remember you don’t have a right to privacy — but that doesn’t mean your employer shouldn’t also clearly state what kind of monitoring it does and how.
Ms. Grama noted that your employee handbook is a good place to look to find out what software may be running on your computer. “Probably anybody who works in H.R. will say that yes, this type of information must be in an employee handbook,” she said. “It’s a really good practice and would engender good feeling about your employer if you knew that type of monitoring was taking place.”
If your handbook doesn’t have details but you’re still curious about which monitoring software your computer has, the information is usually easy to find. Mr. Blum said that such software “may not launch on a task bar, but many are still located in add/remove programs. On a Mac, they’ll show as an application or service.” A quick Google search should reveal the software’s capabilities. As weird as it can feel to have your employer monitor you, everyone I spoke with recommended against deleting the software, which will call attention to you.
Most employers include screen-sharing software, like VNC or TeamViewer, which gives your I.T. department access to your computer remotely. If you’ve ever been freaked out because an I.T. worker “took control” of your mouse to fix your computer, this is what they used. It’s usually obvious when this software is running, so don’t fret about your I.T. department watching you mistype emails all day long.
The central tenet of this advice is to avoid saying or doing anything on a work-issued computer or account that you don’t want your employer to see. It’s probably fine to pay a bill now and again — or to create a lineup for your office’s fantasy football league — but avoid doing anything personal or unprofessional.
A version of this article appears at Wirecutter.com.