Those of you lucky enough to switch to remote work probably have a burning question on your mind right now. Can your employer monitor your non-work-related web activity? Your personal emails and sneaky social media breaks?
For the most part – yes, unfortunately. However, the full answer is a bit more complicated, and depends on a few factors. Read on for the details.
Split-tunneling Lets Your Employer See Only What They Need
Working with a small group of people? Then you’re likely using a small business VPN to secure your work laptops, phones, etc. The VPN client may have a split-tunneling feature that allows your employer to choose what data goes through their network.
Let’s say you use the following things in an average work day:
- A chat app like Slack or Skype
- A browser to look up work-related info, use Google Docs, etc.
- An app that lets you remotely access your work computer from home (or your entire work network, if applicable)
- Network-capable software that’s specific to your company
Your employer may set things up so that only data from these specific apps passes through their network. That means you could potentially use a separate browser for personal stuff like email, Facebook, and so on. The same applies for other apps you have in mind.
As OpenVPN mentions, employers may also benefit from split-tunneling. Since all your “personal” traffic goes through your ISP’s servers, it won’t bog down the company network. In fact, companies using corporate VPN solutions may already implement split-tunneling for this exact reason.
Mind you, this is a pretty specific scenario. Don’t start suggesting ways of slacking off to your boss. Even if your personal traffic doesn’t pass through the corporate network, the higher-ups may be spying on you through other means.
Your Employer Can (Usually) See What You Do on Office Devices
Medium to large businesses can usually afford to provide their employees with separate devices for remote work. One benefit to this is that there is no risk of exposing sensitive company data to a personal device that’s potentially infected with malware.
On top of that, business owners can control which operating system, updates, and third-party software are installed on those devices. This reduces the chances of:
- Unwanted data collection or buggy system updates (see the long list of criticisms of Windows 10, many of which can only be avoided on its Enterprise versions)
- Unintentional data leaks through third-party software (e.g. Zoom leaking Windows passwords)
You should always assume that your employer has installed some kind of tracking software on the company devices. Corporate VPNs also have a dashboard through which employers can monitor traffic passing through their network.
Fortunately for you, businesses are legally required to disclose whether they use tracking software, even on work computers. The EU GDPR and member states’ privacy laws offer even stricter protections for employee privacy.
Despite all this, our recommendation is to limit any non-work activities to your personal devices. Yes, the work day can feel like an eternity sometimes. However, it’s probably not worth risking a warning (or worse) over a few Instagram and Twitter memes.
Can My Employer See What I Do On My Personal Device?
If you do your work on a separate, work-provided device, then no, they can’t see anything you do on your own phone, laptop, console, or smart fridge. You can take a peek at your social media feed or watch a YouTube video on your phone on a slow day.
It goes without saying that you shouldn’t connect to your company’s VPN on any of those devices. Sure, it may be tempting to unblock Netflix with all that free VPN access. However, your boss will most likely see whatever you do while connected to the network.
Why Remote Work on Personal Devices Is a Bad Idea
Using your personal laptop, PC, or phone for remote work can be a security and privacy nightmare. For one, you never know whether your devices are infected with some new strain of malware.
Even before the pandemic, the average cost of a malware attack for a single business was $2.6 million. Most industries were already under-prepared for cyber attacks while people still worked in (supposedly) secure office environments. Things didn’t exactly get better.
In any case, most of the aspects discussed above should apply to remote work on a personal device. First off, your employer needs to inform you of any activity-tracking software they want to install. Or “Data Loss Prevention” software, as companies often sugar-coat it.
Some states in the US even made it illegal to install tracking software on personal devices, as doing so would infringe on computer crime and spyware laws. Moreover, unauthorized acquisition of personal data can get your employer in trouble in all 50 states and unincorporated territories.
If they don’t install any such software, then your employer should only see your traffic while connected to the company VPN. Try asking the IT department (or whoever set up the VPN) if they enabled split-tunneling as described in the beginning.
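An added example (not from the original article or from any VPN vendor) of how a routing table shows which destinations the company VPN carries. It assumes route-based split tunneling rather than the per-app selection described at the beginning; the interface names tun0 and wlan0, the address ranges, and both tables are constructed for illustration.

```python
import ipaddress

# Constructed route tables (not taken from a real VPN client).
# Each entry is (destination prefix, interface). "tun0" is the assumed
# VPN interface, "wlan0" the assumed home network interface.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),       # default route stays with the home ISP
    ("10.20.0.0/16", "tun0"),     # constructed company network range
    ("192.168.1.0/24", "wlan0"),  # home LAN
]
FULL_TUNNEL = [
    ("0.0.0.0/1", "tun0"),        # two half-routes that together override
    ("128.0.0.0/1", "tun0"),      # the default route without deleting it
    ("0.0.0.0/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),  # home LAN stays local
]

def egress_interface(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]

def tunnel_mode(routes, vpn_iface="tun0"):
    """Return 'full' if VPN routes span all of IPv4, 'split' if only part, else 'none'."""
    vpn_nets = [ipaddress.ip_network(p) for p, i in routes if i == vpn_iface]
    if not vpn_nets:
        return "none"
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(vpn_nets))
    return "full" if covered == 2**32 else "split"

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, "table classified as:", tunnel_mode(table))
        for dest in ("10.20.5.9", "203.0.113.10", "192.168.1.20"):
            print("  ", dest, "->", egress_interface(table, dest))
```

On Linux, `ip route get <address>` answers the same question against the live routing table.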
Remote Work Monitoring – The Bottom Line
As you can see, it’s a good idea to separate private activities from your work devices and network. At the very least, you should temporarily disconnect from the corporate VPN if you absolutely have to check your email or DMs. That is, if you’re working on a personal device.
Hopefully, things will be back to normal soon and you can stop worrying about such things. Until then, check out why you shouldn’t use a VPN at work for when you’re back at the office.