Why You Shouldn’t Mix Personal and Business Browsing

Unlocked Padlock
Using browser profiles is extremely useful. It allows you to sign in on multiple devices and get the same bookmarks, passwords, and history across your devices. BUT, you should never use the same profile for work that you use for your personal browsing, and for good reason.

Don’t Use Personal Browser Profiles At Work

Assume that on your work computer, your company can see everything that you do. That’s not always the case, but some IT departments do actively deploy monitoring software to see employee activity. Even if they don’t, your company has the right to see it and could ask you at any time, or even get IT to change your password to log in as you.

In another scenario, some businesses, when staff leave, rather than setting up new accounts for the replacement may simply change the name on the existing account. That means that your replacement would potentially have access to all your browsing history and saved passwords if you store them on your company device!

Don’t Mix Business and Personal Browsing From The Same Profile

Here’s a perfect example of why you should not mix up your work and personal browser profiles:

Unauthorized Access to Okta’s Support Case Management System: Root Cause and Remediation | Okta Security

Okta is a single sign-in tool that is used like a password manager and can sign you in to sites with one click. Very useful!

Unfortunately for them, one of their staff signed into their personal Google account in their browser and they then saved their Okta password in that account.

Hopefully all your business online accounts are protected by MFA which should be enforced, but that’s not the case with personal accounts which you need to set up yourself. Here the employee’s personal Google account was compromised and with it, all the employees personal passwords they had stored in their browser, including their administrative login to the Okta system. This gave the attacker access to their Okta account and with it, the accounts of the companies the employee managed.

The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases. During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device. 

How To Balance Work and Personal Browsing

Everyone needs to take a break at work, and that might mean using the internet for personal browsing on your company device, and most of the time this is going to be fine. If you’re reading the news, maybe even watching YouTube, there’s not a lot that can seriously go wrong (but do check your company’s IT Policy about that).

Assuming that this is all OK, I would still recommend that you take a few extra precautions to protect your company and personal data from cross-contamination.

Use Private Browser Sessions

Use Private Browser Sessions
Use Private Browser Sessions

Private browsing doesn’t mask or hide what you access on the internet and this is still visible to the ISP, and possibly your company IT Department. But, it does delete the browsing history when the browser is closed. This stops it appearing in the history of the main session.

It’s also very useful if you have multiple accounts on the same platform, such as Microsoft 365, allowing you to use your preferred browser for multiple concurrent sign ins.

How to Open Private Browsing Windows – Macnamara ICT

Use Multiple Browsers

Use Private BrowUsing private sessions doesn’t prevent you saving personal passwords in your company browser, or vice versa. If you have multiple browsers installed, use a private session on another browser you don’t use for work. For example, if you have Edge for work signed in with your M365 account, use a private Chrome session, without a signed in profile, to browse during your lunch break.

Never Save Personal Passwords at Work, Or Work Passwords At Home

Just get in the habit of not saving any personal passwords in your work browser. If your company allows you to work from a personal device, have a work profile set up and keep your activity separate.

How to Sign in to Edge Browser – Macnamara ICT

Setting Up A Sync Account in Firefox and Chrome – Macnamara ICT

Set Up MFA On Your Personal Accounts

MFA is not just there to protect company data, it’s there to protect you! Make sure all your personal email accounts, bank accounts, and anything else that you use has MFA enabled. If anyone ever gets hold of your password, they won’t be able to access your account without your phone. If you store passwords in your browser, make sure at the very least that account has MFA enabled so at least you’re not exposing your saved passwords.

Why Use Multi-Factor Authentication? – Macnamara ICT

Like this article?

Share on Twitter
Share on LinkedIn
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

DLP Icon

Data Loss Prevention Policies in M365

Data Loss Prevention (DLP) policies in Microsoft 365 (M365) are useful security measures designed to monitor or prevent legitimate, inadvertent or malicious sharing of sensitive information outside of an organisation. As companies have moved away from on-premises servers for file storage towards M365 SharePoint and OneDrive, more and more are using it to save all their company data. But many business are not using the full range of functionality and background security features that make M365 a truly powerful modern tool for work and collaboration.

Read More »
New Outlook

How To Add a Shared Calendar to the New Outlook

The “New Outlook” for Windows introduces a range of exciting features, intelligent assistance capabilities, and a sleek, simplified design to enhance your email and calendar experience. With these updates, you can tailor the app to fit your unique style and boost your productivity like never before.

Read More »
New Outlook

How To Schedule and Snooze Your Emails with the New Outlook

Microsoft’s New Outlook is a modern, streamlined version of the popular email client, designed to enhance productivity and provide users with a more experience. Featuring a sleek interface and improved functionality, New Outlook integrates seamlessly with other Microsoft 365 applications.

Read More »
Scroll to Top