Everyone wants flexibility. Remote work made it easier than ever to juggle more than one job and people are doing just that. But if your employees are using your company-issued devices to freelance, consult, or run a side hustle, you’re dealing with a security risk that’s likely invisible.
What’s the problem?
Tools and data from other jobs show up in your environment.
Sensitive info gets dragged into personal folders or shared with outside clients.
Password reuse and unsecured browser sessions increase your exposure.
Here’s how to start getting a handle on it:
1. Put it in writing
If your policies don’t mention side work, change that. Be clear about what’s allowed on company devices.
Example policy language:
“Employees may not use company-issued devices for outside professional work unless explicitly approved by both IT and their manager.”
Make sure it’s covered in onboarding, policy acknowledgments, and regular training.
2. Split the workspace
Help your people draw a clear line between their work for you and anything else. Use:
Separate OS user profiles
Managed browser profiles (like Chrome Profiles or Firefox Containers)
MDM tools to restrict what’s installed or accessible
3. Watch for the patterns
Polyworking often shows up as unusual behavior:
SaaS tools no one approved
Cloud storage not tied to your domain
Logins into unrelated platforms or services
Use EDR, CASB, or network logs to look for these signals. Not to punish—but to know what you’re working with.
Bottom Line
You probably can’t stop polyworking. But you can stop your data from traveling with it. Build clarity into your policies and structure into your environment. Control what you can.Â
