This week’s question from Lifehacker reader Mike is something that many of us have had to deal with at one point in our lives: the irritating balance between technology, one’s personal life, and the demands of one’s professional life.
On to Mike’s dilemma. It’s a biggie, but it’s absolutely worth reading:
I’ll try to keep the backstory simple: At the beginning of this year, I started a new position as a contract employee for a consulting organisation. This is a virtual worldwide business so 95% of employees work from home. As a contract employee, I was required to use my own device without reimbursement (this was fine, I just recently bought a new laptop for personal use and didn’t really care to use two devices). We used Skype to communicate and Sharepoint for file sharing – no big deal, everything worked fine. After my contract was complete, I was offered a permanent position (yay!) and continued with the same work structure on my personal device. All was still well functionality wise.
Recently, my firm began an overhaul of their IT infrastructure. They recently asked us to upgrade to Windows 10 Professional, the cost of which was reimbursed. No big deal. Then, we were asked to establish a Windows 10 Enterprise profile on our laptops. This involves creating a new user account and also joining their Azure Active Directory (whatever that is…). As I was reading through the instructions to do this, I noticed some prompts that were a bit concerning. Specifically:
[when initially connecting to my work account] Connecting means that your work or school might control some things on this device, such as what settings you can change
[when joining the Azure AD] These actions will set up the device as your organisation’s and give your organisation full control over this device.
Are there any security concerns here if I continue to use my personal laptop for personal and business use? Will I be able to run both accounts or does this effectively become a work PC only? Anything else I should know or inquire about to ensure my data is safe?
I do also have the option of being issued a separate work laptop, but am intrigued by the convenience of using only one device (assuming my data will remain secure).
I completely understand your desire to keep your technological life simple, and I want to lead off with a clear and precise answer. When you use a laptop that your company controls — whether they gave it to you or they have administrator access to the operating system that powers your machine—you should assume that anything and everything you do is logged, tracked, or viewable in some fashion. Expect no privacy, and don’t do a single thing on that device that you wouldn’t be comfortable doing with your boss (or the head of HR) standing over your shoulder.
I realise that sounds a little drastic, but staying strict is the surest way to avoid any workplace problems whatsoever — as far as your gear goes. I’m not implying that you’re the kind of person who is likely to get into trouble for that sort of thing, but I also don’t want to downplay the significance about the open window your job now has into your technological life.
I don’t work in IT, and I’m not super-familiar with the nuances of enterprise setups, but I would err on the side of caution in your case. Even if you have two user accounts in Windows 10 — one for personal things and one for work things (that blasted you with scary prompts when setting it up) — I’d keep everything you’re doing on the laptop work-related going forward.
Assuming a best-case scenario, where the contents of your personal account is perfectly hidden and encrypted so nobody else can see what you’re storing in your user folders (or what you’ve downloaded to them), there are plenty of other reasons why it’s important to create this separation. You need to set a mental switch, if nothing else. This ensures that you don’t accidentally look at a site you shouldn’t, or download something you didn’t mean to, when you’re on your work account instead of your personal one.
Mistakes happen. They might not even be your mistakes. I’ve had plenty of friends get hit with the dreaded “someone texted me during a work presentation and a preview popped up on my MacBook and oh God” problem. Keeping your personal accounts and data walled off from your work environment protects you from these sorts of situations, and the easiest way to do so is to use work devices for work and personal devices for everything else.
Additionally, you have no idea what’s in store for your system from your employer’s IT department. What if they push some kind of update that accidentally bricks your device, making it impossible for you to access your work and personal data? You might not miss the former as much as you’ll miss the latter, especially if you haven’t backed up your photos, movies, or documents in a while.
Additionally, why add extra wear and tear to your laptop if you don’t have to? That’s eight (or more) extra hours each day that you’re stressing your battery or running mechanical parts that might fail sooner than they otherwise would. If a company laptop breaks down, the company probably has a replacement it can give you right away—or established, easy ways to get your laptop fixed up. If your personal laptop breaks down, that’s on you. There’s no guarantee the company will pony up for repairs, or that it will even get you a new one. It’s your laptop, after all.