Loaning laptops to employees: best practices and pitfalls to consider

We are WorkTime, a non-invasive employee monitoring software, with 20+ years of experience in the employee monitoring market.

Providing employees with corporate laptops to work outside the office has become common for many companies given the mass transition to a remote work format. This practice offers a number of advantages, as it ensures the proper quality of work devices to perform tasks from home, helps standardize app deployment throughout the entire computer fleet, gives more control over device security and makes it much easier to monitor employee performance At the same time, unlike when employees are using their own computers for working off-site, it involves the additional expenses of acquiring and maintaining laptops. And, which is even more important, the use of work devices outside the office comes with some data security risks, not to mention the higher risk of equipment loss or damage. The article features the best practices for loaning laptops to employees, reveals efficient security policies, points to the most common traps and tells how to avoid them when lending devices and monitoring employees through them.

What are the risks of loaning laptops to workers?

The practice of loaning laptops to workers really comes with certain hazards. When company-owned devices are used outside the corporate premises, they evidently become more exposed to the risk of being lost, stolen or damaged. Employees can take them to work in parks, cafes or airports, and leave them unattended. Statistics show that the loss of just one computer can cost companies up to US $47,000. Apart from the expenses for buying a new laptop, this includes downtime losses and time spent by managers and the support team for the replacement of the device.

#1 risk is the loss or theft of a laptop.

In case of theft, in addition to the loss of the device itself, a leak of data stored on it can cause even more harm to the company. However, security risks are less associated with laptop theft. Much more often, they occur due to inappropriate and unsafe online activities of employees. Working outside the office, they are more likely to get distracted by non-work and potentially risky affairs: visit entertainment websites, download unauthorized apps, play online games, follow suspicious links, etc. Such reckless use of the Internet can lead to malware infection of work devices, which can further cause data breaches in a corporate network. In addition, when working in public places, such as an airport or a restaurant, employees have to rely on unsafe network access points like public Wi-Fi. They may not even realize how easily information can be stolen from a computer connected to the Wi-Fi of their favorite café.

Security risks are less associated with laptop theft. More often, they occur during work hours.

How can home use of work laptops breach company security?

When a company-owned device gets into a worker's home environment, the boundaries between personal and professional use of corporate equipment blur or even disappear entirely. Most employees working from home are absolutely relaxed about utilizing work laptops for their private needs. Especially since most employers do not strictly prohibit this.

Most employees working from home are absolutely relaxed about utilizing work laptops for their private needs.

At the same time, without taking the appropriate measures that we will discuss below, uncontrolled personal use of company-issued computers will almost inevitably lead to serious security vulnerabilities.

Personal use of company-issued computers will almost inevitably lead to serious security vulnerabilities. WorkTime employee monitoring helps detecting and blocking non-work related laptop use.

A study by IBM showed that breaches caused by working from home cost companies an average of USD 1 million more than breaches that happened in the office. According to another research, 24% of executives reported unexpected expenses associated with cybersecurity issues caused by remote work on company equipment.

24% of executives reported unexpected expenses associated with cybersecurity issues caused by remote work on company equipment.

The same study also surveyed employees who had been provided with devices by their employers to work from home. It showed that most workers use company computers for private purposes just because it is convenient. It is not worth switching on a personal laptop to write a couple of messages or quickly view the news since you can easily do it on the work device you are already using. However, some go further, indulging in shopping and gaming. About half of the respondents said they used their work laptop for personal emailing, the same number of employees viewed the news. Almost 40% admitted to online shopping, 25% said they visited social networks. 22% claimed they downloaded unauthorized applications to their work computers. 4.6% confessed to playing online games.

Through private emailing, employees can become exposed to phishing attacks, when letters come from familiar addresses and contain bait that lure victims into hacker traps.

Although most of these activities seem low-risk, they potentially pose a threat to work computers, and therefore to your company network. What kind of threats could it be? For example, through private emailing, employees can become exposed to phishing attacks, when letters come from seemingly familiar addresses and contain all sorts of baits that lure victims into various hacker traps. By visiting unsafe websites, and especially by playing online video games, employees can fall prey to so-called social engineering that manipulates people into curiosity and greed. Seductive ads containing false promises encourage victims to go to malicious sites or download infected applications or give out confidential information.

Downloading alien software onto a work device automatically creates a weak spot in the organization’s security.

In addition, when work laptops are used at home, there is a risk that the employee's family members, such as children, will use the computer, which will lead to uncontrolled Internet usage. However, all these risks can be mitigated if you take a number of preventive steps. One of the ways to control the use of the Internet is to introduce software like WorkTime to monitor the work of an employee on a computer. But this practice will only work in conjunction with other security measures.

One of the ways to control the use of the Internet is to introduce software like WorkTime to monitor the work of an employee on a computer.

How to minimize risks when loaning laptops to employees?

According to an executives poll by Forbes, measures to mitigate the described risks should include 3 major elements.

1. Implementing a security policy to regulate the employee use of company computers that describes tactics to ensure company safety.
2. Cybersecurity training of employees so that they are aware of all possible threats and are able to counter them.
3. Implementing tools and processes, such as limiting administrator user accounts, setting multi-factor authentication, disk encryption, VPNs, introducing monitoring software, etc.

Implementing a security policy should be the first step to mitigating security risks.

What should the security policy include?

The security policy should cover all regulations regarding safe laptop use by employees. It is worth developing a regulatory document that describes all the necessary requirements and recommendations. By signing such a document, the employee assumes responsibility for both the physical safety of the device and its secure use.

It is worth developing a regulatory document that describes all the necessary requirements and recommendations.

The agreement should give the employee a clear understanding that by borrowing a laptop from the company, he becomes personally responsible for its safety.

A borrowed laptop becomes a personal responsibility of an employee.

It is preferable that he does not take the computer out of the house unnecessarily. If he takes the computer with him, he must carry it in a computer bag or briefcase, don't leave it visible in the car, be especially watchful when working on it in public places and not allow anyone, including family members, to use it. The document should outline to what extent a worker is allowed to use a device for personal purposes, whether he can install unauthorized applications and if he can, what kind of apps are allowed.

The document should outline to what extent a worker is allowed to use a device for personal purposes.

It is also important to specify the responsibilities associated with the cybersecurity of the device. Employees should regularly update the antivirus installed on the laptop, immediately respond to messages about the detection of a virus on the computer, and also report any security incidents to the company's support service. They should only set strong passwords, keep them secret, and use the security tools described below.

Employees should regularly update the antivirus installed on the laptop. Passwords should be managed properly.

Why is employee training important for risk mitigation?

Outside the office, workers tend to be more frivolous when it comes to cybersecurity matters. Besides, often they are simply unaware of certain types of security threats they can face. These two factors are alarming because 82% of data breaches happen due to human error. That is why employee training is key for risk mitigation, especially when company hardware is used off-site. Technical solutions are not able to protect the system if a human makes a serious security error.

Most data breaches happen due to human error. That is why employee training is key for security, especially when company hardware is used off-site.

Training should cover the following:

• ● secure password management
• ● instructions on allowed and forbidden sites and apps
• ● understanding of social engineering and how not to become a victim of it
• ● tips on how to spot phishing attempts
• ● instruction on using security tools that will be described below

What tools and processes should be put in place?

When corporate equipment is supposed to be used outside the office space, it is especially important to implement all necessary technology and practices to protect it from all possible security threats. The following tools are worth considering in this regard.

• Antivirus is the cornerstone of any computer’s cybersecurity and it is used by any company or individual by default. But still, note that it is essential to install advanced antivirus systems that use AI-driven predictive analytics and machine learning for smart threat detection.
• Firewall is also important as it protects local laptops from affecting by any suspicious network traffic and forbidden applications.
• Hard disk encryption is vital when you loan a computer to an employee. It protects the data stored on the device even if it is stolen. A thief will not be able to access documents without the encryption key or password. Encryption tools are available both on Windows and Mac OS

Hard disk encryption is vital when you loan a computer to an employee. It protects the data stored on the device even if it is stolen.

• 2-factor authorization is an access management capability that will help you to protect your corporate network and data even in case hackers manage to steal credentials to log in to your system. Since password leakage is becoming more common, this tool is a must-have. You should set it on all programs and applications that will be used by a worker.
• Setting up a VPN is another critical measure when it comes to issuing a corporate device to an employee. It is crucial for situations when a worker uses public Wi-Fi. Virtual private networks protect company data by creating encrypted tunnels for transmitting the information.
• Setting a password screensaver is an additional layer to protect a borrowed device from unauthorized access. It blocks the computer when it is left unattended by an employee.

Setting up a VPN is crucial for situations when a worker uses public Wi-Fi.

• For use in public places, it is probably also worth adding a so-called privacy screen onto a laptop. It limits viewing angles making it difficult for strangers to see the content on the screen.
• File backup is a simple yet often underrated practice that helps to easily restore documents in case of data loss
• It is also essential to regularly update the operating system, applications and most importantly antivirus.
• Finally, implement employee monitoring software. It enables you not only to track worker discipline productivity but also to detect when he is visiting inappropriate sites or using forbidden applications.

Employee monitoring software not only tracks worker productivity but also detects visits to inappropriate sites or uses of forbidden applications.

In addition to the security measures, you can also utilize laptop management tools which make it much easier to control your computers wherever they are situated. From a single dashboard, you can see the status and location of all the laptops and be aware of when a computer needs an update or maintenance.

How to monitor workers via company-owned laptops?

When you issue laptops to remote employees, you can monitor every activity on those devices from various angles. The legal possibilities for this are practically unlimited. Many employers use them to take maximum control of workers which, however, can cause privacy issues and almost certainly will lead to employee distrust, loss of confidence, and reduced productivity. You can monitor workers via the software that tracks employee responsibility and performance. There are many such tools on the market. But in order to avoid possible negative consequences of monitoring, when choosing a solution, it is important to strike a balance between control and privacy and use only non-invasive monitoring tools and methods.

To avoid possible negative consequences of monitoring, it is important to strike a balance between control and privacy and use only non-invasive tools like WorkTime.

What can you legally monitor on company-owned computers?

Employers have the right to monitor absolutely everything on the company's computers. This right is enshrined in law in the United States, Europe and many countries of the world. You can monitor websites visited and applications used (and evaluate the productivity of those sites and apps), stored documents, downloads, log-in and log-out time, idle time, etc. The law also allows employers to introduce monitoring methods that are ethically questionable and ultimately unproductive. For example, keystroke logging, screenshots and screen recording give you access to personal data, such as private emailing and messages which is excessive and demoralizing.

The USA law allows employers to introduce a wide variety of monitoring methods. WorkTime employee monitoring is developed in accordance with the USA, Europe, Australia, Indonesia, India laws.

In the US, there is no legal obligation to notify employees that they are being monitored. At the same time, in most countries, including EU countries, such notification is mandatory.

5 good monitoring methods: legal and beneficial

The following monitoring methods are absolutely legal and at the same time ethical; they provide insights into employee performance from various angles and, if applied correctly, can significantly improve employee productivity. All of them are available in WorkTime.

WorkTime provides legal, ethical and informative monitoring methods for measuring employee performance from various angles and improving worker productivity.

1. Attendance monitoring. Helps to track how diligently the employee follows the work schedule. Poor attendance is one of the probable causes of workers’ decreased performance. This method is used for tracking the time of logging in and logging out of the employee’s work laptop, i.e. you can see when the individual started and finished working on his computer.

1. Computer activity monitoring. Enables you to define how active a worker was on his work laptop between logging in and logging out. In particular, it shows how much time the employee was idle doing nothing on the computer and how much time he was working on tasks.

When employees know their distraction scores and understand how to improve them, they tend to become more focused on tasks.

1. Productivity tracking. With this method, you can define how productive an employee was when he was active. In particular, you can see if the sites he visited and the applications he used were helpful for performing his tasks. Sites and applications that are not related to work are marked as unproductive. You can evaluate the total amount of productive and unproductive time, as well as which productive and unproductive resources were involved.

1. Distraction scoring. This metric helps to understand to what extent an individual is unfocused during working hours, how often he changes tasks, websites and applications, switches from productive sites and apps to unproductive ones, and gets distracted by constant online meetings. When employees know their distraction scores and understand how to improve them, they tend to become more focused on tasks.

Keystroke counting doesn’t involve capturing any content and therefore does not invade worker privacy.

1. Keystroke counting. This is another way to track worker activity on the computer. It identifies the intensity of keyboard use by an employee, showing how many keys were pressed in total and the number of keystrokes per various applications. It's important that this method is focused on numbers, it doesn’t involve capturing any content and therefore does not invade worker privacy.

To get the maximum benefit from monitoring and increase worker productivity, three conditions must be met.

1. You are absolutely transparent with workers in this matter. You will not be able to hush up employee monitoring for a long time, and actually, there’s no single reason to hide it. If you explain to workers why and what you are monitoring, they will be sympathetic to this initiative and respond to it with enthusiasm.

To get the maximum from monitoring, be transparent, use ethical, privacy-conscious methods and tools, and share the results with employees.

2. You are using ethical, privacy-conscious methods and tools. Privacy is extremely important in this matter. Monitoring should be approached with great respect for the employee’s personal life and only non-invasive methods and tools should be used. Otherwise, you may face serious ethical and possibly legal problems.
3. You are sharing the results of monitoring with employees. Stay on the same page with your employees. Give workers a clear picture of their current performance metrics and your expectations of them. Thus, they will feel not like only objects of monitoring, but like full-fledged participants in this process.

WorkTime provides purely non-invasive capabilities that cover all your needs for employee monitoring and boosting their productivity.

3 bad monitoring methods: legal yet invasive

Many managers who have implemented software for tracking the productivity of remote employees during their work on company-issued laptops fall into the so-called “monitoring paranoia”. They strive to establish as meticulous surveillance of employees as possible. However, some of the methods they use are not only excessive but also harmful to the organization.

1. Keylogging. Unlike the keystroke counter, which gives you only numbers, keylogging enables you to capture the content of the text typed on the keyboard by an employee. Thanks to this hacking capability, you gain access to private correspondence, passwords and other personal information that you absolutely do not want to know.

2. Screen content capturing. Screenshots and screen recordings allow you to see everything that appears on a worker’s monitor. This way you can get excess to all open files, web pages, and content of personal letters and messages. This method is absolutely excessive and extremely invasive.

Screenshots recordings allow you to see everything that appears on a worker’s monitor including personal messages. This method is excessive and extremely invasive.

WorkTime offers a safe, non-invasive screenshot replacement. You get the numbers, not the images!

Manage laptop usage with WorkTime employee monitoring!



Start free trial
3. Webcam surveillance. This spy-like practice seems to be even more objectionable when it comes to monitoring workers outside the office. It enables you to pry at every employee's activity in front of his laptop. It is absolutely useless and invades privacy in the worst way.

To conduct ethical, privacy-conscious and constructive monitoring, take advantage of WorkTime, the only non-invasive monitoring software on the market.

All these methods are counterproductive as they create an unhealthy work environment. Realizing that they are totally controlled, employees feel unmotivated and stressed. As a result, their productivity decreases. More importantly, such monitoring violates the privacy of employees demoralizing them, destroying their trust and raising ethical and sometimes legal issues. As a result, you run the risk of increasing employee churn, damaging your reputation, losing your best workers and having great difficulty attracting new ones.

2 main practices of loaning laptops to employees

Finally, we will focus on two main ways of loaning computers to employees. In general, there are several approaches to using equipment at remote work. All of them can be divided into 2 categories: 1) the employee uses the company-owned device (COD), and 2) the employee works on his personal laptop. When you are providing an employee with COD, you can opt for one of two major formats: COPE and COBO. First means company-owned, personally enabled. Second stands for company-owned, business only. Both have advantages and drawbacks.

COPE is the most comfortable format for employees, they do not have to switch to their own laptops for personal tasks. They can do everything from one device.

The COPE format implies that the employee uses the laptop primarily for work tasks, but can also use it for personal purposes: send and receive private letters and messengers, view non-work web resources, browse news and social networks, download files and applications, etc. This is the most flexible and employee-friendly format, as workers do not have to constantly switch to their own laptops for personal tasks. They can do everything from one device. While most employers opt for COPE, it presents some challenges for them as the personal use of work equipment increases safety risks for the reasons outlined above. In addition, a clear line should be drawn between what can be monitored on this laptop and what cannot, since this is private information. However, this problem is easily solved by non-invasive tools like WorkTime that make it just impossible for an employer to obtain any personal data.

A clear line should be drawn between what can be monitored on the COPE laptop and what cannot. However, this problem is easily solved by non-invasive tools like WorkTime.

COBO is a stricter format that prohibits employees from using their work laptops for any personal purposes.

COBO is a stricter format that prohibits employees from using their work laptops for any personal purposes. It somewhat reduces security risks, but at the same time is the least convenient for employees. Especially in cases when they have to work outside the home and have to take both personal and work devices with them. Very few organizations choose COBO as it limits employees and ultimately reduces their job satisfaction and therefore their performance.

The bottom line

Loaning company-owned laptops to remote employees ensures compliance of computers with corporate quality and safety standards. Employers can be sure that workers are provided with the proper equipment to perform tasks. In addition, employees are less likely to get distracted by non-work computer activities when they work on corporate devices.

The easiest way to balance the need for control and respect for employee privacy is to implement a non-invasive monitoring tool like WorkTime.

Besides, when employees use company computers, it expands your ability to monitor their work, as you can track any activity on corporate equipment. However, in this matter it is critically important to observe the line, balancing the need for control and respect for the privacy of workers. The easiest way to do this is to implement a non-invasive monitoring tool like WorkTime. Want to see the benefits of non-invasive monitoring? Try WorkTime, the software designed for tracking and boosting employee productivity!