Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.
TL;DR: Keep browsing to your local instance at work for now.
DoT uses the TLS protocol as far as I know while DoH uses the general HTTPS (443) protocol. But both of them are encrypted so you shouldn’t worry about security with any of them. Just use the one that is supported with your device/app