Comment by zeveb

It's a really, really good practice, whether or not one's firm mandates it. An employer has every right — moral everywhere, legal many places — to monitor your usage of its hardware, software and networks, which implies that if you are doing personal things (say, your finances, or even social networking) that it would be exposed to your passwords and activity.

Meanwhile, you have a duty to be responsible with your employer's data. Your employer can secure its own hardware, but it cannot secure resources you own — which means that if you use your own hardware & software to work with your employer's data that any breach is your fault.

Given those realities, I prefer to use my employer-issued hardware, software & network for my employer's work, and my hardware, software & network for my own purposes. That way my employer is secured from my mistakes, and I am secured from my employer's mistakes (or nefariousness).