Most of us deliver our work via a company laptop, with or without access to a virtual machine. It’s often tempting to access your personal data (like email, social media), save the login so that you don’t type the password every time, store photos, download some files you’ve received or even get personal / flirty on the company email. It’s fine if you want to do all this, as long as you own the possible consequences.

All companies have an obligation to inform their employees about any form of employee monitoring they are running. While you may say they don’t inform you, they actually do, but it’s often so ambiguous or in small letters or in an addendum, that your mind may not capture it. I can guarantee you that all labour contracts specify that utilizing company resources for personal use is forbidden.

Reality check

Here are some realities that you should be aware of:

Corporate security monitors emails sent from your work address.

To give you an example, you may have noticed in Outlook integrations with software for email classification. In the banking industry, security consultants receive for closer examination, any emails that ring a bell either due to attachments or possibly sensitive content. That means there’s a good chance that a third person will get to read your email. NDA or not, it may not make you feel comfortable.

It can monitor company chat servers for sensitive language.

I know one company where swearing and key words relating to sex were alerting the IT department.

Managers can mandate an internal check.

If there is a suspicion that you may have disclosed confidential information to third parties, an internal request can be issued to verify your email. Whether this falls between legal boundaries or not, that depends on the country. Fact is, your email history may be checked even if it can’t be used as a legal evidence.

CISO always monitors accessed links

An ex-colleague of mine accessed her Picasa albums, when the service was still in-use. In one of the albums she had a photo made at client’s HQ, featuring one of the managers. There was nothing harming or out of place in the content. Because the link showed up in the reports, someone from client’s IT department, clicked the link and escalated the matter. It caused a lot of stir out of nothing.

IT may try to recover data

Computers crash and they will be taken to IT, for data recovery. Will you be embarrassed if some strangers go through the files you’ve stored on your workstation, maybe even left on your desktop?

Don’t make screen sharing awkward

Screen sharing while you have personal windows open may put you in awkward situations. I’ve attended an online meeting some time ago, with a database specialist from Netherlands. The guy who was presenting was trying to locate some info, so he was switching through the open windows. Let’s just say we got to learn his most personal preferences when it comes to sex.

Be aware of remote connections

Some VMs allow IT support to connect remotely and take over control without any confirmation from your side. Best case you might see a pop-up that someone has connected to your machine.

Sudden contract termination is possible. Really sudden.

In case of extreme measure (mass contract termination as it happened during the economic crisis), you will just be informed that you have been fired and asked to leave the building immediately. Your personal items from your desk will be collected later on and sent to you. This happened in a Canadian company with offices worldwide, where employees were asked to attend an all hands meeting happening simultaneously worldwide. Following the meeting, those that were nominated were asked to leave the building taking only their backpack / purse while the rest of their personal items were sent to them the next day.

Careful what you download

Massive downloads (from hundreds of MB onwards usually), in most corporations, are monitored and reported. Usually if you’ve done such downloads and you are resigning, your manager may be asked to review them and confirm there is nothing threatening intellectual property.

Legally, depending on the country and the contract you’ve signed, you may have no right to oppose disclosure of any information that you’ve run through the company servers.

There was a time when the only way to access your email or other web resources was via a computer. Nowadays we can check anything on our smartphones, so there is really no reason to access personal data from your company laptop. Everything I’ve shared in here, I’ve learned first-hand, so do take them as facts. In the end, being aware of these things, and acting accordingly, sums up to being professional.

Do you have any relating experience that turned to a lesson learned?