PrivacyGear .nl
Updates Search NL
PrivacyGear .nl
Context profile

Profile: student or employee

This is not a base profile but a context profile. You use work or study equipment alongside personal devices. How do you keep work, study and personal life genuinely separate?

Profile: student or employee

Profile: student or employee

Who this guide is for

This profile is for people who use work or study systems alongside personal devices and need cleaner separation between those environments.

You have a work laptop, a study account, or both. Maybe you work from home. Maybe you also use your personal phone for work email. The line between work and personal has blurred — and that creates risks on both sides.

Use this profile on top of your base profile.

For most people, this is not a separate threat level but an extra layer on top of their normal situation.

  • If the default route still fits you, combine this with the normal baseline.
  • If you are privacy-conscious and trying to move away from Big Tech, combine it with Profile: privacy conscious.
  • If you work in a sensitive field such as healthcare or IT, this profile sits on top of your professional profile instead of replacing it.

The core issue here is not “more paranoia” but strict separation.

The goal is not to maximally harden every device. The goal is to prevent work, study and personal life from bleeding into each other in ways that are hard to reverse later.

When this is overkill

If your work and study exposure is minimal and you do not use employer or school systems outside obvious contexts, you may not need a full separation strategy yet. This profile matters once accounts, devices, and cloud sync are actually crossing between personal and institutional life.

What are your real threats?

Employer monitoring on work devices A work laptop belongs to your employer. They can — and often do — install software that can view your screen, log keystrokes, or block websites. What you do on a work laptop is not private.

Data loss or breach through work If your work account is compromised, an attacker gains access to company data, colleague information, and customer data. That is your responsibility — and potentially your liability.

Phishing targeting employees Business phishing (also called “spear phishing”) is more personal and convincing than generic attacks. A fake email from “HR” with an attachment, a fake invoice to “finance” — these attacks happen every day.

Credential stuffing If a password from a personal site leaks, attackers automatically try it against your work email. One password for everything is a ticking clock.

Unsecured home network Working from home means company data travels over your home router. If that router is outdated or uses default passwords, that’s a risk.

Accidental data sharing Cloud sync (Google Drive, OneDrive, Dropbox) on a work laptop can push company files to personal accounts — or the other way around.

What you gain, and what it costs

If you apply this profile seriously, you typically gain:

  • less chance that a personal breach reaches work or study
  • clearer boundaries between accounts, apps and devices
  • less confusion about which data belongs where
  • a setup that holds up even when working from home or hybrid

But it costs something:

  • more discipline around separate browsers, profiles and accounts
  • sometimes extra friction because work and personal no longer run conveniently together
  • occasionally duplicate apps or separate logins on the same device

For this profile that is usually a reasonable trade. The convenience of mixing everything is often exactly what causes the real problems here.

The main rule: separate work, study and personal life

The golden rule: never use personal accounts on work devices, never use work accounts for personal things.

In practice:

  • Never use your work email for personal registrations
  • Never use your personal email for work matters
  • Don’t install personal apps on a work laptop unless permitted
  • Use a separate browser or browser profile for work

On a phone, follow this order:

  • on standard Android, start with an Android work profile — the practical way to separate work and personal without a new device
  • on iPhone, use the iOS work/personal guide to separate notifications, accounts and browser use
  • only look at GrapheneOS profiles if you have already chosen GrapheneOS or need heavier separation

The work profile is built into Android 5.1+, but for personal use without employer MDM you need an app like Shelter to set it up yourself. On iPhone, Focus mode provides useful separation of notifications and apps per context. True app isolation like a work profile does not exist on iOS without company MDM.

Behaviour checklist

Account security

Device separation

  • Never work on a personal device unless through VDI or approved tools
  • Use a separate browser profile or browser for work — pick a personal browser through which browser should you choose? if you want to keep it separate from work
  • Don’t sync work files to personal cloud storage

Home network

  • Change the default admin password on your router
  • Check that your router firmware is up to date
  • Use WPA3 if your router supports it (otherwise WPA2-AES)

Phishing awareness

  • Always check the actual sender email address (not just the display name)
  • Never click links in emails — go directly to the site via your browser
  • Attachments from unknown senders: never open without verification
  • When in doubt: call the sender on a known number

Students: extra points

Student email after graduation Your student account expires after you leave. Never register personal services with your student email — you will lose access.

Free software from the university Universities often provide Office, Adobe, and other software for free. That software sometimes includes monitoring components. Be aware of what you’re installing on personal devices.

Open networks on campus Campus networks are often open or poorly secured. Use a VPN if you’re handling sensitive information, but treat that as a network layer — not a replacement for account or device discipline.

Tools that help

SituationToolCost
Password managementWhich password manager should you choose?Free
2FA tokensTwo-factor authentication guideFree
Work/personal separation on phoneAndroid work profile / GrapheneOS profilesFree
Securing home networkWhich network fits your situation?Free up to €85–110
VPN for public networksVPN comparison€5/month

Use this table in order. For most readers, passwords, 2FA and device separation are more logical first steps than network hardening or a VPN.

What your employer expects — and what you can expect

Your employer has the right to protect company data. You have the right to privacy of personal data.

That boundary runs at the device:

  • Work device: employer has control
  • Personal device: you have control

If your employer requires you to manage personal devices with MDM (Mobile Device Management), you have the right to refuse — or to ask exactly what is being monitored. Under Dutch employment law, employees are not obligated to install employer MDM on personal devices, and employers must be transparent about what is tracked. (Note: rules in other jurisdictions may differ.)

The better question is not just what is technically possible, but whether a separate work device or work profile is the more realistic boundary between employer and personal.

How to use this profile

Use this profile as a separation checklist:

  • Which accounts belong only on work or study equipment?
  • Which apps should never be on your personal phone?
  • Which browser, cloud storage and email addresses do you keep strictly separated?

If that separation is not clear yet, start there. Extra tools only help afterwards.

Next step

Start here

Also relevant

Reviews and further reading

← Back to profiles