I’ve had a laptop stolen at a conference. I also remember poor designs that meant a liquid spill would instantly kill a laptop. I have also changed jobs plenty, usually voluntarily. I have developed some habits that I recommend no matter how careful you are with equipment or what shape your job is in. Gear can fail, perhaps without you even doing anything wrong. Tech workers in the US are at will employees, and either side can bring the relationship to an end if they choose to do so.
Devices
Principle: keep personal compute separate from work compute. A sensitive data detection product is going to surface all the personal stuff you have on the employer’s laptop. This is not done because the employer wants the data, but rather because they very much do not want it and are looking for risks. Your personally identifiable information (PII) and personal health information (PHI) is their problem. It’s not really that inconvenient to use your own device to talk with your doctor, broker, lawyer, and accountant from the office during a break. The law is also on the employer’s side when it comes to other personal things you might want to do, such as looking for your next job or chatting with your friends.
Methods: Personal things stay on personal devices. Buy your own laptop or tablet and use it to do all of your personal life stuff. Modern phones are pretty good about keeping work and personal profiles separate, and I’ve comfortably kept the same personal phone through three employers. I’m okay with accepting their MDM profile, disabling accounts when I’m on vacation, and removing it when I leave. If the employer provides a phone, then great, leave your stuff off of it and carry two phones. You’ll almost certainly have to have a phone to act as second authentication factor to your work accounts, and portable access to Slack and calendar are very useful; if I felt it necessary to completely seperate work and personal phone, I would buy a new personal phone and relegate my older one to work only.
Work things belong in the cloud. While my day-to-day work process involves a lot of small local text files, I regularly transition this stuff into the cloud. Call notes go into the corporate shared file system (Google Drive, Microsoft Sharepoint, Box, &c), shared working documents go into the corporate business documentation system (Google Drive or Microsoft Sharepoint), finished guidance materials might live in the business documentation tool or an engineering facing tool (Confluence, Notion, Github, Mediawiki, &c). Ideally that’s an automatic process, but practically it might be more manual. Configuration choices for local software should be something you store in the cloud as well, either directly (such as a copy of your .vimrc) or indirectly (such as a list of installed utilities). A work laptop should be very quickly replacable with a loaner.
Accounts
Principle: keep personal data separate from work data. As above, but for cloud storage where the location and ownership are purposefully obfuscated by the cloud storage provider. Don’t use personal services on the work laptop, don’t use work services on the personal laptop. It’s certainly possible to carefully configure access so that your personal data isn’t cached to the work laptop and you can just access that one app you wanted to get from the app store or play your music while your work. It’s also possible to screw that up, or not follow some capricious behavior change on the part of a behemoth corporation, and now your personal stuff is on the device. That’s bad, but now consider how easy it would be to save something into your personal account instead of the work account, and now you’re in trouble for IP issues. Google’s particularly bad about this; it’s been years since I’ve allowed work laptop to access my personal account, but because my phone has access to work and personal accounts, they cross-reference and offer me the opportunity to sign into personal account on my work laptop all the time.
Methods: Be mobile-first for personal activities. Don’t sign into the work laptop with your Apple or Google accounts. Instead, simply don’t sign in if that’s possible — my last three work laptops have not been signed into Apple services at all. Windows doesn’t allow that, so I have a throwaway account that I use when I need to spin up a Windows VM for work.
Calendar: Invite your personal email to your travel-related calendar items so your family can see where you’re going to be at, when. Otherwise, don’t share visibility.
Software: Use free versions or separate licenses for the software utilities you want on work laptop if work doesn’t provide equivalents (in my case, BBedit, CleanShot X, Balsamiq, homebrew, ripgrep, htop, bluesnooze, pyenv, meetingbar, vim, zsh-git-prompt, noTunes, and the-clock. I avoid browser extensions but the Chrome extension Meetings Page Auto Closer for Zoom is quite handy.
Sharing: I use AirDrop for the rare need to share a link or file between devices (e.g. transferring tax documents or that handy list of software utilities).
Communication and music away from home: My phone is quite handy for these things. I have a keyboard and stand for when I want to have a longer conversation.
Not signing into your personal account does produce an annoyance in the Apple ecosystem: your headphones won’t autoconnect and you have to use the bluetooth menu to connect them once or twice a day. I understand that if you wear an Apple Watch and want it to automatically unlock the laptop that also requires sign-in with a single account. To me these are small prices to pay, but your mileage may vary. Two places where I choose to blur the sign-in line are LinkedIn and GitHub. LinkedIn is a personal account, but it’s mostly used for work-related purposes, so I do typically sign into it on work laptop. GitHub is pretty impossible to use on a phone, so I typically use an alternate browser to do things like testing access to work repositories.
Office Space
If you work in an office, it can be nice to have some personal touches about. I have lost a number of tchotkies and art pieces to offices this way. Maybe you’ll have an opportunity to bring it all home, maybe you won’t or just won’t want to. I recommend that you only bring stuff you wouldn’t mind walking away from to the office. It’s just simpler. If you don’t work in an office, your work has probably budgeted some dollars for your office setup, and some equipment for you to use (a laptop, a dev/test workstation or test kit). The office setup dollars are water under the bridge, that monitor or keyboard or whatever is almost certainly yours now in return for not suing the employer for repetitive stress injury (RSI) costs. They do expect that the other equipment is returned though. The norm is to send you a box and prepaid label, but if you’re close to an office the employer might accept in-person return. Find out in writing. There’s almost certainly a smoothly automated process for doing this, so it’s a bit concerning if Alice says “oh gee I don’t know, try dropping that stuff off at the Albuquerque front desk?” Same thing probably goes if you’re returning a damaged laptop, best to be sure that IT doesn’t want it back or how they want it returned.
This set of principles and methods has been handy when I’ve stayed in one organization for many years and when I’ve moved on more quickly. It’s just good hygiene to maintain boundaries between your data and your employer’s data.
Monkeynoodle.Org 