Threat profile: student or employee
You use work or study equipment alongside personal devices. How do you protect yourself and your employer, and how do you keep work and personal life separate?
Threat profile: student or employee
You have a work laptop, a study account, or both. Maybe you work from home. Maybe you also use your personal phone for work email. The line between work and personal has blurred — and that creates risks on both sides.
What are your real threats?
Employer monitoring on work devices A work laptop belongs to your employer. They can — and often do — install software that can view your screen, log keystrokes, or block websites. What you do on a work laptop is not private.
Data loss or breach through work If your work account is compromised, an attacker gains access to company data, colleague information, and customer data. That is your responsibility — and potentially your liability.
Phishing targeting employees Business phishing (also called “spear phishing”) is more personal and convincing than generic attacks. A fake email from “HR” with an attachment, a fake invoice to “finance” — these attacks happen every day.
Credential stuffing If a password from a personal site leaks, attackers automatically try it against your work email. One password for everything is a ticking clock.
Unsecured home network Working from home means company data travels over your home router. If that router is outdated or uses default passwords, that’s a risk.
Accidental data sharing Cloud sync (Google Drive, OneDrive, Dropbox) on a work laptop can push company files to personal accounts — or the other way around.
The separation: work and personal
The golden rule: never use personal accounts on work devices, never use work accounts for personal things.
In practice:
- Never use your work email for personal registrations
- Never use your personal email for work matters
- Don’t install personal apps on a work laptop unless permitted
- Use a separate browser — or a separate browser profile — for work
On a phone: use an Android work profile (built into every Android, no custom ROM needed) or GrapheneOS profiles to isolate work apps from personal apps. On iPhone, use a separate Apple ID or Focus mode to separate work and personal. See the profiles guide.
Behaviour checklist
Account security
- Unique passwords for every work account (password manager)
- 2FA on your work email — set it up if it isn’t already
- 2FA on your personal email — phishing via a personal account can reach work
- Check whether your work email has appeared in a breach: haveibeenpwned.com
Device separation
- Never work on a personal device unless through VDI or approved tools
- Use a separate browser profile or browser for work
- Don’t sync work files to personal cloud storage
Home network
- Change the default admin password on your router
- Check that your router firmware is up to date
- Use WPA3 if your router supports it (otherwise WPA2-AES)
Phishing awareness
- Always check the actual sender email address (not just the display name)
- Never click links in emails — go directly to the site via your browser
- Attachments from unknown senders: never open without verification
- When in doubt: call the sender on a known number
Students: extra points
Student email after graduation Your student account expires after you leave. Never register personal services with your student email — you will lose access.
Free software from the university Universities often provide Office, Adobe, and other software for free. That software sometimes includes monitoring components. Be aware of what you’re installing on personal devices.
Open networks on campus Campus networks are often open or poorly secured. Use a VPN if you’re handling sensitive information.
Tools that help
| Situation | Tool | Cost |
|---|---|---|
| Password management | Bitwarden (sync) / KeePassXC | Free |
| 2FA tokens | Aegis (Android) | Free |
| Work/personal separation on phone | Android work profile / GrapheneOS profiles | Free |
| Securing home network | GL.iNet router with OpenWrt | €85–110 |
| VPN for public networks | Mullvad | €5/month |
What your employer expects — and what you can expect
Your employer has the right to protect company data. You have the right to privacy of personal data.
That boundary runs at the device:
- Work device: employer has control
- Personal device: you have control
If your employer requires you to manage personal devices with MDM (Mobile Device Management), you have the right to refuse — or to ask exactly what is being monitored.
Next step
- Two-factor authentication guide
- VPN: what it does and what it doesn’t
- iPhone privacy settings — work/personal separation on iOS
- Android privacy without a custom ROM — Android work profile explained
- GrapheneOS profiles: separating work and personal
- All security guides — overview of all security guides
Reviews: