5 Things Employees Should Never Do on a Work Computer

It starts small. Someone checks their personal email during a lunch break, or logs into online banking while waiting for a meeting to start. Within a few months, that work computer is being used almost as much for personal tasks as for actual work. It happens gradually, and most employees do not think much of it - until something goes wrong.

A survey of over 900 employees found that 70% admitted to using their work computer for personal activities. That is a significant number, and it matters because the risks are real. For a professional services business handling client files, financial records, or confidential correspondence, a single careless habit on a work device can create a serious problem - for the employee and for the business.

Saving personal passwords in the browser is one of the most common habits and one of the most dangerous. When someone lets their browser remember their passwords, those credentials sit on the device. If that computer is reassigned, sent in for repair, or handed off without being properly wiped, whoever picks it up may have access to everything those passwords unlock. That includes personal accounts, but potentially cloud services the employee also uses for work. For a deeper look at how credential habits create exposure, most breaches are entirely preventable with the right controls.

Storing personal files on a work device creates a different kind of problem. Most businesses back up employee computers automatically - which means personal photos, documents, or anything else saved to that machine may end up in a company backup accessible to others in the business. It also means that if the device is reclaimed or wiped, those personal files are gone.

Visiting questionable websites is another habit worth flagging. Most businesses running managed IT have web filtering in place that monitors and restricts access to certain categories of sites. Employees often do not realise that the sites they visit on a work device are visible to whoever manages the IT. Beyond the privacy concern, sketchy websites are a genuine infection risk - and a compromised work device can quickly become a compromised business network. Understanding the types of malware catching businesses off guard shows just how quickly things can escalate.

Letting a family member or flatmate use a work computer - common when people work from home - carries real compliance risk. Under the NZ Privacy Act 2020, businesses are responsible for how client and employee data is handled. If an unauthorised person accesses a work device and views information they should not have seen, that can constitute a privacy breach regardless of whether anyone intended harm. A child clicking the wrong link can also introduce malware that spreads from the device into shared business systems.

Finally, turning off security software - backup tools, antivirus, monitoring agents - because it feels like it is slowing things down is a risk that employees often underestimate. Those tools are installed for a reason. Disabling them, even briefly, can leave a device exposed to ransomware or mean that files cannot be recovered after a failure. Unless an engineer has specifically approved it, those tools should stay on. Building a culture where staff understand these risks is exactly why security awareness training is the defence most NZ businesses overlook.

The practical fix here is not a long policy document. It is clear expectations, set by whoever manages the business, combined with technical controls that reduce the chance of a bad habit becoming a serious incident. A good managed IT support arrangement will include device policy guidance, web filtering, and automatic backup - so that even if someone does something they should not, the damage is contained.

If you are not sure whether your business has those basics covered, ITstuffed offers a free 15-minute IT Fit Check at itstuffed.co.nz/booking. It is a quick way to find out where you stand.