
Modern security isn’t just firewalls and antivirus—it’s everyday choices made by people using company laptops. Whether you’re in the office, at home, or on the road, these eight recommendations will help you protect your organization’s data, reputation, and customers.
1) Treat MFA as non-negotiable
Multi-factor authentication (MFA) stops a stolen password from becoming a breach. Enable MFA everywhere it’s offered – email, VPN, password manager, finance and HR tools. Prefer app-based codes or a hardware security key over SMS when possible. If an unexpected MFA prompt appears, deny it and report it; “MFA fatigue” attacks rely on you approving a surprise notification.
2) Use a password manager and unique passphrases
Passwords reused across sites are a gift to attackers after a single leak. Use a company-approved password manager to generate and store long, unique passwords. For your laptop login and critical systems, create a memorable passphrase (for example: four unrelated words) instead of short, complex strings you’ll forget. Never share credentials in chat, tickets, or email, even with IT; IT will never ask for them.
3) Update promptly, no “remind me later”
Patches close known holes that attackers target with automated tools. When your device prompts for an update, install it the same day, especially for browsers, PDF readers, and collaboration apps. Restart fully at least once a week to finish updates. If a critical patch is announced by IT, save work and update immediately; minutes can matter during active exploitation.
4) Be a skeptic with links, attachments, and QR codes
Phishing is still the #1 entry point. Before you click, hover to preview the URL. Verify unexpected invoices, DocuSign requests, or “urgent” account changes out-of-band (e.g., call the sender using a known number). Be wary of password-expiry scare tactics, shipping notices you didn’t expect, and messages requesting MFA codes. For QR codes in meeting rooms, cafes, or emails, assume they’re risky; if it’s legitimate, you should also be able to access it via the official site or bookmarked link.
5) Use secure networks (and a VPN)
Public and guest Wi-Fi can expose your traffic and device. When away from trusted networks, tether to your phone or use the company VPN. Avoid logging into sensitive systems on hotel or conference Wi-Fi without enabling the VPN first. Disable auto-join for open networks and turn off Wi-Fi and Bluetooth when not needed. If you must print or screen-share on a home network, segment work devices to a separate SSID when possible.
6) Protect the device itself: lock, encrypt, and clean desk
A secure laptop is more than a strong login.
- Lock your screen (Win+L / Control+Command+Q) every time you step away.
- Ensure full-disk encryption is enabled (BitLocker/FileVault).
- Don’t leave laptops unattended in cars or hotel rooms; if you must, use a cable lock and store the laptop in a concealed location.
- Keep sensitive notes out of view during calls and avoid photographing screens. A clean desk and closed notebook reduce shoulder-surfing risks.
7) Practice least privilege and safe data handling
Only keep the data you need, where it belongs. Save files to company-approved storage (OneDrive, Google Drive, SharePoint) rather than local “Downloads” or personal cloud accounts. Avoid forwarding work documents to personal email. Before sharing, check access permissions; default to “view” and add time-limited links when appropriate. Don’t install unapproved apps or browser extensions; they can capture screens, keystrokes, or data. If a workflow truly needs an exception, request it through IT so risks can be reviewed.
8) Report quickly and without fear
Speed matters. If you clicked a suspicious link, entered credentials on a fake page, lost a device, saw an unexpected MFA prompt, or noticed strange behavior (pop-ups, new extensions, unusual logins), report it immediately through your company’s security channel. Swift reporting lets the team reset credentials, revoke tokens, isolate devices, and protect others. You won’t get in trouble for reporting; you will help prevent an incident from escalating.
Security is a team sport. When every employee uses MFA, keeps software updated, questions unexpected requests, and reports issues fast, attackers have a much harder time turning small mistakes into major incidents. Start with the recommendation you can implement today, and build from there—your vigilance is one of the company’s most powerful safeguards.