FindYourVPN

True Review from the Expert

Using a VPN at Work Can Be Risky If You’re Not Careful (Here’s Everything You Need to Know)

Using a VPN at Work Can Be Risky If You’re Not Careful (Here’s Everything You Need to Know)

By Septimiu-Vlad Mocan

posted on

You always see online articles and web copy saying you can use a VPN at work to enjoy tons of perks.

But should you actually do it? What do you stand to gain exactly, and what are the risks?

We’ll tell you everything about that (and more) in this article.

Why Would You Use a VPN at Work?

From our personal experience and what our readers tell us, these seem to be the most popular reasons to use a VPN at work:

1. Unblock Sites

Can’t visit Facebook or YouTube while at work?

It’s not because the websites are down. It’s because the IT team blocked the sites with a firewall. They set inbound and outbound traffic rules that automatically block connections to and from those sites.

Here’s the catch, though – those rules are only assigned to your IP address. And that’s the address you get when you connect to the company network.

But if you use a VPN, you “get” a new IP address. The server you connect to will route all your connections to the web through it. Basically, all your online communications with other sites will take place through the server’s IP address.

And that address doesn’t have any firewall restrictions linked to it. So your workplace’s firewall won’t control what sites you can and can’t browse anymore.

Why Do Companies Block Various Sites Anyway?

Your workplace might have very specific reasons for blocking certain websites. You can try asking your supervisor, someone from the IT team, or HR why they do it. But, usually, most companies block popular sites with firewalls because:

  • They believe employees will slack off if they’re allowed to browse YouTube, Facebook, Twitter, or any other “distracting” site at their leisure. They either think that way, or they back up their decisions with studies like this one.
  • Management is worried employees will accidentally access malicious sites. Makes sense. If you accidentally visit a malicious website or download a malware-infected file, the entire company network can get infected, causing huge downtime and serious financial damage.
  • The company has limited bandwidth. If they allow employees to browse streaming and social media sites, it might force everyone to deal with slow speeds. Obviously, that can cause a decrease in productivity.

2. Encrypt Remote Connections

VPNs encrypt your traffic, thereby stopping anyone from snooping on your online communications.

That really comes in handy when you take a lunch break at a nearby coffee shop or restaurant, and suddenly remember you need to log into the company network to do something urgently (like updating a task, messaging a team lead, or upgrading a customer account).

If you were to do that without using a VPN, you’d rely on the coffee shop or restaurant’s WiFi to secure your data.

Sounds like a good backup plan, but hold on – did you have to ask for the WiFi password before logging in?

Oh, you were able to freely log in because there is no password?

Well, we have bad news for you buddy – the network doesn’t use any encryption. Hackers have free reign to use packet sniffers to try and steal company login credentials from you.

And, unfortunately, even if the network had a password, it still wouldn’t be 100% safe. The encryption standard most WiFi networks use (WPA2) has a serious vulnerability. And WPA3, its successor, isn’t doing better either.

Plus, consider this – what if a hacker sets up a fake WiFi network that imitates the real one your device automatically connects to? They could easily monitor all the data you exchange with the company network that way.

It’s much, much safer to use a VPN when accessing the company network on public WiFi. Even if you end up using a fake hotspot, the cyber criminals running it aren’t able to crack the VPN encryption.

3. Hide Your Browsing

Just because your employer doesn’t tell the IT team to block certain sites doesn’t mean they won’t keep an eye on your browsing to make sure you’re not “wasting the company’s time,” as management would say.

All your connections go through the company’s network. So, your boss can easily see what sites you browse, when you access them, and how long you stay on them. So you can’t really pretend to be working when you’re actually scrolling through memes on Facebook because connection requests don’t lie.

But if you use a VPN at work, you get to enjoy some privacy. It encrypts your traffic, so network admins can’t spy on it anymore.

Basically, instead of seeing your connection request is addressed to “facebook.com,” they’d just see random gibberish like “Hfjg34FFerwfg4sda.”

That’s not all – a VPN also hides the IP address you connect to. Instead of seeing the address of a website like Facebook or Twitter, network admins will only see the IP address of the VPN server you’re using.

All in all, it’s a good way to hide the breathers you take throughout the day (which, let’s face it, we all need every now and again). Also, if you use a VPN to unblock sites at work, it will hide the fact that you’re doing it.

But don’t rely only on the VPN! It can’t hide your browsing from your boss if they come up behind you, after all. So try doing this too:

  • Learn your shortcuts. Get used to Wind + D (minimize open windows), Ctrl + W (close current tab), and Alt + Tab (switch apps) on Windows. And on macOS, use Cmd + W (close current tab), Cmd + Tab (switch apps), and Cmd + F3 (minimize open windows).
  • Use your mobile every once in a while. If you have your back to the boss’ office, they might be less likely to see you browsing the web on your mobile than the desktop screen.
  • Use Decreased Productivity. It’s a browser extension that makes sites less distracting by removing bright colors and images. That also means it makes them less likely to get your supervisor’s attention.
  • If you love browsing Reddit, try MSOutlookKitIt’s a portal that reskins Reddit and makes it look like an average email client.
  • If you work with sensitive data (like customer payments or in accounting), maybe you can convince your boss you need a privacy screen. It’s a thin layer of plastic that form-fits your display. Only the person sitting right in front of the device can see what’s on the screen. Here’s a countdown of the best privacy screens on the market.

4. Save Money on Online Bookings

Who here hasn’t spent at least a few minutes once in their life booking a hotel or buying a plane ticket while at work?

It seems a bit unprofessional, sure, but come on – sometimes you get an alert about an amazing discount you just can’t ignore. When you get home, it might be gone!

So you take advantage of that ASAP. But did you know you could get an even bigger discount with a VPN?

That’s right. Sometimes, a VPN can help you get better prices for hotels and airplane tickets. By hiding your IP address, it can help you bypass geographical price discrimination (basically, websites showing different prices depending on what country you’re from).

And as an added bonus – the VPN will also stop network admins from seeing you’re trying to find the best deals for your upcoming vacation.

Can Network Admins See You’re Using a VPN at Work?

Yes. While there’s no huge VPN tag attached to your connection, there are plenty of signs that give it away.

For starters, let’s talk about how the connection looks to them. It varies from company to company, but they always see the:

  • Source IP (your IP address)
  • Destination IP (the IP address of the sites you visit)
  • Port
  • Protocol (UDP or TCP)

When you don’t use a VPN, network admins see the destination IP alongside its DNS resolution (basically, the website or web page’s name). It looks something like this:

Source IP                           Destination IP

          168.234.131.222               104.244.42.65 (twitter.com)

When you use a VPN, admins only see the IP address of the VPN server. They won’t see any DNS resolution (so no website name). Like so:

    Source IP                               Destination IP

168.234.131.222                        188.177.205.109

That might make them suspicious. If they look it up with an IP lookup tool, they’ll likely see it belongs to a data center. 

For example, if we connect to a German server from ExpressVPN, and use this tool to look up the IP address, we’ll see it belongs to Leaseweb Deutschland GmbH. A simple Google search reveals it’s a company that offers cloud hosting, dedicated servers, and VPS (Virtual Private Servers).

Besides that, the port your connection uses can also give you away. Most VPN protocols use specific ports:

  • IKEv2 uses UDP ports 4500 and 500.
  • OpenVPN uses TCP port 1194 by default sometimes.
  • L2TP/IPSec uses UDP ports 500, 4500, and 1701.
  • SoftEther uses port 5555 by default.

Luckily, SSTP uses port 443, and OpenVPN and SoftEther can be configured to use that port. It’s the HTTPS port, so it’s pretty inconspicuous. If you use OpenVPN, you can also turn on obfuscation to make it look like regular web traffic.

But even then, the fact that you’re connected to an IP address with no website name and using port 443 can be indicative of VPN usage.

Read More: What is VPN Obfuscation? How to Avoid VPN Blocks with Stealth VPNs

Why Using a VPN on a Work Computer Might Be a Bad Idea

If you can’t bring your own device and need to use an office computer, we don’t recommend using a VPN – especially if your workplace has a strict no-VPN policy.

Leaving the fact that network admins could see your VPN connection aside, here are other ways your employer could catch you in the act:

Supervisors Can Check Your Computer After Hours

When you leave work, you’re not taking the computer with you. That’s when the IT team, your supervisor, or HR managers can look through it. If they see a CyberGhost icon on your desktop, you’ll obviously get in trouble.

The easiest way to solve that problem is to just uninstall the VPN client before you leave, right?

Well, not exactly. According to users on Reddit, your boss could even ask the IT team to remove your computer’s hard drive and make copies of it before your shift starts.

Presumably, they remove it again after you leave, and check it against their copies to see if there are any differences. They might spot traces of the VPN client (in the OS registry, for example).

Your Boss Could Use Spyware or Keyloggers

If supervisors don’t want to go through your computer, they can just use spyware to see how you use it.

Alternatively, they could use keyloggers to see what you type. So they’ll obviously see the blocked sites you visit + what messages your share with friends, and your VPN login credentials.

And we’re not talking about the shady keyloggers hackers use. No, they’re likely using legitimate keyloggers – like Teramind.

It’s called “ethical” hacking

Normally, they’re not allowed to use a keylogger without telling you in advance. But then again, they might have already did that in your employment contract. You know, the 50-page document you didn’t bother to fully read before signing it.

It sounds like a dystopian scenario, but it’s real-life. Employers using spyware gained more publicity recently due to the COVID-19 pandemic forcing many employees to work from home. But bosses spying on their employees is nothing new.

The IT Team Could Have Remote Access to Your Computer

Depending on what security measures and ethical hacking tools they install on your computer, the IT team or your supervisor could remotely access your computer while you’re using it.

If they suspect you’re using a VPN to bypass the network firewall, they could try accessing your computer at random intervals. At some point, they will catch you using the VPN or browsing blacklisted websites.

So When Should You Use a VPN at Work?

Seems like it’d be safe to only use one if you can bring and use your own laptop at the office. There’s no spyware to worry about that way, and your supervisors won’t go through your device when you leave cause you’re taking it with you.

However, the IT team can still see your VPN connection, so keep that in mind. To avoid that, a good alternative is installing a VPN on your mobile device, and using mobile data. You won’t use the company network to surf the web, so the admins won’t be able to track your connections.

You could also use your mobile to create a hotspot, and connect your laptop to it. Though other people in the office might see the hotspot on their devices, and alert the IT team.

But if your employer clearly forbids using a third-party VPN at work (so not the company’s VPN), we really recommend you don’t break that rule. You can get in serious trouble if you’re caught.

In theory, you should be safe if you use the VPN on your mobile data, but you have to be very, very careful you don’t get caught slacking off that way.

What Are the Best VPNs to Use at Work?

Since network admins have a pretty easy time detecting and blocking VPN connections, a good service should offer features like:

  • Hundreds (if not thousands) of servers so that you have backup plans if the a server’s IP address gets blocked.
  • Obfuscation in case network admins are detecting and blocking your OpenVPN traffic.
  • Cross-platform compatible apps if you’re interested in using the VPN on other devices at work.

Based on our tests and research, ExpressVPN, NordVPN, and Surfshark fit the bill pretty well. If you’d like to take a closer look at them, check out these reviews:

NordVPN is particularly useful because it offers residential dedicated IP addresses. They cost $70 per year (on top of your subscription), but if the admins look up the IP address, they won’t see a data center but a legit ISP. So they might think you’re remotely accessing a home computer, not using a VPN.

Also, if you’d like to see how those VPNs compare to each other, or to other top providers on the market, follow this link to read our ultimate guide.

Can Your Boss Stop You from Using a VPN?

Yes, they can.

If you use a work computer, they can ask the IT team to set up software that stops you from installing applications (like a VPN client). They can even stop you from installing VPN browser extensions.

If you are able to install a VPN on your work computer, or you use your personal laptop, network admins could block the IP address of the VPN server. Don’t forget – they can see it when they check your connection. All they need to do is block it with a firewall, and you can’t connect to it anymore.

Of course, you can just use a different VPN server or refresh your IP address through the client. But nothing stops the IT team from blocking the IP address again and again. If they have to do it too many times, they might report you to your supervisor.

Will a VPN at Work Stop Admins from Seeing Torrent Traffic?

It encrypts your traffic, so yes – the IT team won’t be able to see your torrent traffic.

However, we don’t recommend torrenting at work. Even if you use a VPN.

Here’s the thing – network admins might not see your torrent traffic, but they can tell you’re using a VPN to download torrents.

How?

By checking how much data you exchange with the VPN server. Like we already said, they can see you’re connecting to an IP address, and they can tell it belongs to a VPN server. Well, besides that, they can also see how much data you upload to and download from that IP address.

If you download an old game that has a .iso or is in an archive that’s under 100 Mb, maybe they won’t become suspicious. But if you download a 1080p Blue-Ray episode of Game of Thrones that’s around 4-6 GB, they’ll very likely notice.

And that’s not the only problem. Here’s what else can go wrong:

  • There might be security measures in place that prevent you from installing torrent clients on your work computer.
  • HR managers or the IT team might check your work computer and find the torrent client.
  • Network admins will see a constant upload stream to a single IP address. They might think you’re seeding torrents.

Really, the only way you can safely download torrents at work is if you use your mobile data with a VPN. Or if you use your phone to create a hotspot, connect your personal laptop to it, and use a VPN to torrent.

But even if you do that, there’s always a chance your supervisor will catch you doing it. Even though you’re not using the company’s network, you might still get in trouble since it counts as a “distraction.” That, and you might download malware-infected files, putting the whole network at risk when you connect to it.

To be honest, it’s better to wait until you get home. It’s less risky and much more convenient.

I’ll Just Use the Corporate VPN Instead

Many companies have their own corporate VPN with pre-installed clients on the work computers. So if you can’t install a third-party VPN, you can just is it, right? Since it’s the company’s VPN, it should be whitelisted.

Well yeah, you can use it. But we don’t see how it’d help you. When you use your workplace’s VPN, you connect to your company’s servers. Sure, you get a new IP address, but how’s that going to help you when it has the same firewall restrictions?

The higher-ups obviously told the IT team to configure the corporate VPN to block connections to sites they don’t approve of.

Speaking of which, if you work from home, do not use the corporate VPN to visit websites that have nothing to do with your work. If the VPN isn’t configured to block them, your boss will be able to see your browsing. Corporate VPNs don’t offer end-to-end encryption, so the company can see your traffic.

Can You Use TeamViewer at Work Instead of a VPN?

TeamViewer is a software that lets you remotely access a device. If using a VPN is out of the question, you can actually use TeamViewer to bypass your workplace’s firewall.

You just need to set it up on your home computer and the laptop you use at work. Then, use TeamViewer at work to remotely access your home computer. You’ll use your home’s network to surf the web on your home computer, not the company network. So you won’t deal with any firewalls.

Plus, TeamViewer encrypts your traffic with AES-256, like most VPNs do. This document also says they use end-to-end encryption for chat and video messages, so it’s likely the entire session is encrypted that way too.

Don’t forget, though – the IT team will still see your connection. And it will look like a VPN connection because you’re connected to an IP address with no domain resolution. But at least if they ask what you’re doing, you can say you used TeamViewer to check some work files on your home computer.

But don’t use this method on a work computer. If it has keyloggers on it, the IT team will get your TeamViewer login credentials. That means they’ll be able to access your home computer remotely.

Can You Use Tor at Work Instead of a VPN?

You can, but we don’t really recommend it. Here’s why:

Your Office Can Block It Just like a VPN

If your workplace already has ways of stopping you from using a VPN, they can do the same to Tor.

They could prevent you from installing the Tor browser on your work computer.

And if you use a personal device or the portable version as a solution, the network admins can just block the IP address of the server you’re using. In fact, they can block all the IP addresses since they’re publicly available.

Your Boss Might Use Services that Detect Tor Traffic

If the IT team doesn’t block Tor connections, that doesn’t mean they can’t spot them on the network.

Normally, they shouldn’t be able to tell Tor traffic apart from HTTPS traffic. However, there are services that claim they can detect Tor traffic on a network – like Plixer and NETRESEC.

They’re not able to crack the encryption, so admins won’t see your browsing. But they’ll still know you’re using Tor at work.

You could use obfuscation (obfs4) to hide the traffic, but it’s not worth the hassle as you’ll soon see.

Tor Has a Bad Reputation

When executives, shareholders, or HR managers think of Tor, they don’t think of an online tool that lets people unblock geo-restricted sites, bypass censorship, and encrypt data.

No, they think of an infamous tool that criminals use to:

Why?

Because that’s how the mass media portrays Tor.

It’s a bad generalization, we know. But companies take it seriously. According to one Reddit user, when Tor traffic is detected at some companies, security is sent at the employee’s desk. It’s a fireable offense, and they could be escorted out of the building.

Also, after a forensic examination of the employee’s computer, they might press charges if they suspect digital trespassing (accessing parts of the network you’re not authorized to visit) or corporate espionage.

So this is no joke. Just because you weren’t told you can’t use Tor at work doesn’t mean you should try your luck. It’s not worth losing your career and ending up in court over it.

Tor Can’t Unblock Some Sites + You Get Bad Speeds

Even if your boss is okay with you using Tor at work, it’s still not better than a VPN.

For one, it can’t unblock as many websites as a VPN. There are actually a lot of sites currently blocking Tor – like Netflix, Hulu, DirecTV. Expedia, and WikiTravel.

Besides that, you’ll deal with pretty bad speeds. According to current Tor metrics, there are around 6,000 servers for roughly three million users

You already get limited speeds on the company network. Add to that the overburdened Tor servers and three (or more) rounds of encryption and decryption, and you’ll definitely deal with long load times and dropped connections.

Read More: VPN vs Tor: Which Is Better for Private Browsing, Streaming, Torrenting?

Do You Ever Use a VPN at Work?

If yes, what do you use it for? And have you ever gotten in trouble for using one?

Also, if you know any other ways companies monitor and block VPN usage, please tell us about them.

Reader Interactions

Leave a Reply

Your email address will not be published.