New year, new password habits

Save up to

Why work devices aren’t for holiday shopping

Maciej Bartłomiej Sikora
Content Writer
holiday shopping

Let’s be honest—we all use company devices for personal stuff, especially when ‘tis the season. While on the hunt for the perfect gifts for our loved ones, we tend to use whatever’s at our fingertips, often overlooking security protocols. Though this may seem harmless, the risks are real, and things can quickly turn from merry and bright to dark and gloomy….

Gift shopping on the job—what can go wrong?

The short answer? A lot. To put it more clearly though, if we do our holiday shopping at work—especially at the last minute (like most of us do)—we can make mistakes that may later put both ourselves and the whole company at risk. Here’s what can happen when we get too caught up in the gift-giving frenzy:

We can jeopardize security by visiting shady websites

Who hasn’t checked out a sketchy-looking website in search of a great deal on something usually overpriced? Exactly. Sometimes, we get lucky, score the discount, and everything goes smoothly. But other times, we end up on a site designed to trick us into giving up personal info or paying for gifts that never show up.

When we visit these scam sites—especially ones without HTTPS encryption—on a work device, we risk infecting it with malware or unintentionally exposing company data. Once the device is infected, malware can stealthily track keystrokes, steal sensitive information, or even grant hackers remote access to your device. This, in turn, could open the door for attackers to get unauthorized access to company resources. This is all to say that every interaction with these sites could cause personal damage or create a hole in your company’s online security.

We can fall for fraudsters' tricks and expose company data

For cybercriminals, the holiday season is actually hunting season. With all the hustle and bustle, it’s the perfect time for them to use phishing tactics to trick people into giving up sensitive information, which they can later exploit for other criminal activities.

And when the victims are using work devices? That’s even better for them. Why? Because it’s easier to get these individuals to reveal business email addresses, phone numbers, and company credit card details, or to make them reuse passwords across personal and work accounts. In each case, the data they steal can later be used not only to hurt one person but also to put the entire company at risk.

We can mistakenly reuse work-related passwords

While shopping for holiday gifts online, we're often asked to create an account on a website. If we're not careful when doing so, especially on a work device, it's easy to accidentally autofill or type in a password that's linked to one of our work accounts.

If the website is shady, we’re basically handing hackers the digital key to our company’s services. And even if the site is legitimate, there's still a risk—if it gets hacked (which can happen at any time), attackers might steal the credentials you created and use them to try to break into other accounts.

So, what can you do to keep things festive?

We get it—what we've discussed so far isn’t exactly in the holiday spirit. But don’t worry, we’re shifting gears! Let’s focus on some practical solutions to help you and your colleagues avoid taking risks this holiday season. Let’s start with…

Stop with password recycling

If you use the same password across multiple accounts (especially for both your business and personal accounts, which is a big no-no), it’s time to make a change. Each business account should have a unique, strong password—think 16 characters or more, with a mix of letters, numbers, and symbols. If that feels like too much to handle, it’s probably a good idea to invest in a solid password manager. And hey, why not get the whole team on board with it? The more secure, the better!

Always check if a website is legit

Today’s internet is, unfortunately, packed with scam sites that can look shockingly similar to official websites for banks, government agencies, or social media platforms. So, staying cautious is key. Therefore, pay close attention to the domain name—watch out for sneaky misspellings.

Also, check if the URL starts with “https” to confirm the connection is secure. Then, look for missing details like contact info or buttons that should be there but aren’t. And if you’re on a site you’re not familiar with, take a minute to search for user reviews or online mentions to make sure it’s the real deal.

Establish a robust company-wide password policy

If you’re in charge of your company’s cybersecurity, developing and enforcing a strict password policy should be a top priority. This means setting clear rules employees must follow when creating passwords for their business accounts, like “make it at least 18 characters long” or “use symbols at least 5 times.” 

With a policy like this in place, everyone stays on the same page about using strong, secure passwords—not weak ones like “123456,” which, according to our 2024 Top 200 Most Common Passwords report, is still the most-used password in business settings.

Enable multi-factor authentication (MFA)

You’ve probably used multi-factor authentication (MFA) before—it’s that extra step after entering your password where you confirm your identity with a code, a fingerprint, or something similar. While it might feel like a hassle sometimes, MFA is one of the most effective ways to protect both personal and business accounts. Why?

Because even if someone gets hold of your password, they can’t access your account without that second layer of security. For businesses, requiring employees to use MFA is a no-brainer. With data breaches becoming increasingly common, that extra step is a small effort compared to the staggering cost of a breach—which is pushing close to $5 million these days.

Educate employees on potential risks

We cannot enforce rules or expect employees to follow security practices without providing sufficient context for why they should act a certain way. That’s why clear communication is essential for building a stronger cybersecurity posture. 

Take something as simple as explaining the risks of using work computers for holiday shopping—it can often lead to better results than imposing overly strict restrictions, which might just frustrate everyone. So, invest in engaging training sessions and create informative, fun materials about using company devices safely. You’ll be surprised by how your efforts will pay off.

How NordPass can help preserve the joyful vibes

When you first saw all the steps required to protect your online accounts and devices, you might have thought, “That seems like a lot of effort.” However, the good news is that it doesn’t have to be complicated. With NordPass, many of the actions we’ve outlined—such as creating strong passwords, establishing a comprehensive password policy for your team, and enabling multi-factor authentication—can be easily managed.

NordPass is more than just an encrypted password manager. It’s a comprehensive cybersecurity tool that helps both businesses and individuals protect online resources, securely share credentials and sensitive data with trusted contacts, monitor the dark web for signs of breaches, and more.

So, if you’re looking to ensure that your accounts remain secure throughout the holiday season, consider giving NordPass as a gift to yourself or your team. You can also grab a free 14-day trial to put it to the test and see how it improves your online experience. Go check it out!

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.