AI, Public Wi?Fi, And Shared Screens: Hidden Dangers Of Personal Use At Work

June 11, 2026

A survey of 1,000 office workers in Ireland found that 31 percent use their work device for personal tasks such as online shopping, social media, and streaming.

The research also showed that 32 percent of respondents admitted clicking on a suspicious link or email at work, and 22 percent had used public Wi-Fi to access sensitive company documents.

Over 25 percent reported entering sensitive company or customer data into an artificial intelligence tool, and one third said they had used unauthorized software or tools to get their work done more quickly.

The survey, commissioned by IT services firm Auxilion, noted that 23 percent of organizations had experienced a cybersecurity breach in the previous 12 months, with the highest rate in the public sector. Nearly a quarter of employees who knew about a breach chose not to report it.

Despite these risky behaviors, 73 percent of workers expressed confidence in their ability to recognize cyber threats, suggesting a gap between perceived and actual cybersecurity practices in the workplace.

Source: https://amp.rte.ie/amp/1545508/

Commentary

The cited survey data above shows that, based on workers using an employer's devices for personal tasks, policies that pretend personal use does not happen or prohibits personal use are ineffective and cause personal use of office equipment to be used secretly. This increases risk.

Proponents claim that employers should instead write acceptable-use rules that acknowledge limited personal use while drawing bright lines where organizational risk becomes unacceptable.

Either way, personal use policies are important for data security. Any personal use policy should state clearly what personal activities are allowed or disallowed on work devices, under what conditions, and which activities, such as installing unapproved software, accessing explicit content, using public Wi-Fi for sensitive work, or inputting customer data into consumer AI tools, are prohibited.

Policies should be paired with technical controls that support compliance, including default encryption, secure VPN connections, multifactor authentication, and restricted installation rights.

Leaders should also set expectations for prompt reporting of mistakes, such as clicking a suspicious link, and make it clear that early reporting will be met with support, not punishment.

Finally, your opinion is important to us. Please complete the opinion survey: