Three ways you might be letting them in, and what to do.
Can they? Sure.
Do they? Maybe. It’s easy to do, but hard to manage. It really depends on how you connect to your home machine and how aggressive your company is about tracking you.
Become a Patron of Ask Leo! and go ad-free!
Is your boss watching?
- If you connect to your work computer from home, the company can monitor your internet activity.
- If you install work software on your home computer, the company could include spyware.
- If you connect to your home computer from work, all of your communications with the machine at home could be intercepted.
- If this is of concern to you, the solution is to keep work and personal technology completely separate.
Any connection between your workplace and your home computer can open the door for corporate monitoring.
Most common right now are work-from-home scenarios, where you connect to work from a home computer. I’ll save your question — connecting to home from the workplace — for last.
1: Connecting to the workplace from home
When you connect your home computer to your workplace, you typically route all of your internet activity through that work connection.
For example, let’s say you make an innocent, unrelated-to-work Google search. Normally, that means your computer reaches out to Google to submit your search and get the results.
If, however, you happen to be connected to your workplace, then instead of going directly to Google, your web search is routed through your workplace’s network.
When you connect to your workplace, your company often uses a VPN to protect that communication. The VPN doesn’t know what traffic should be local or not, so it’s all routed through your company. This is almost exactly as if you were at work, where all the traffic would be routed through your company’s equipment by virtue of your being there.
And of course, any traffic that travels through your company’s equipment can be monitored by your company. Thus, your employer can spy on your home computer’s activities.
2: Installing work software at home
It’s not uncommon to install software from work on your home computer in order to do your job. Particularly if your workplace uses custom or company-specific tools, you may not be able to get them anywhere else.
The net result is that the software you install on your home computer could have an unexpected payload: spyware.
Regardless of whether you connect to your company’s network or not, spyware installed on your system can do anything. Your workplace could spy on your home computer’s activities whether you’re actually working or not. Understanding how much (or when) you’re working may be the reason they want to monitor you.
3: Connecting to home from the workplace
Regardless of how you connect to your home computer from work, it’ll be through the company’s networking equipment. That means they can monitor all the data being exchanged.
Even if the connection you’re using is theoretically encrypted end-to-end, there are techniques that could be put in place to allow the company to monitor the contents of those encrypted conversations (see below).
They don’t even have to get that esoteric. Once again, they could install the equivalent of spyware on your work machine to record your keystrokes, screenshots, and more. It is their computer, after all, and they can install on it what they will.
Protecting your privacy
If corporate snooping is of concern to you, you really have only one option: keep your personal and work technologies completely separate.
Not only does that mean not using work computers for things personal and vice versa; it also means never connecting work equipment directly to your home network — use a guest network, at a minimum.
Well, you have one other option, of course: finding a different, more trustworthy place to work.
How likely is all this, really?
I know that much of this smacks of paranoia. For most people, I return to my “you’re just not that interesting” admonition. In general, what you and I do outside of work is of little interest to our employers.
Particularly in an age where working from home is more and more common and employers have a more difficult time keeping tabs on employees, there may be some who will be concerned enough to consider spying. Even when we’re back in the workplace, when liability is involved, they may feel a duty to monitor what you do, including your non-work activity, if it happens on their equipment.
So yes, absolutely, your workplace can spy on your home computer activities if you inadvertently allow them to.
Whether they actually do, I’m afraid, only they can answer.
Spying on encrypted connections
Most remote access tools and VPNs are encrypted and secure by design.
Or are they?
One technique that surprises many people is the corporate ability to spy on otherwise encrypted connections. It’s not clear how common this is, but it’s technically feasible to do without “breaking” encryption at all.
Techniques I’ve heard discussed work like this:
- First, remember you don’t really control your work computer. Hidden proxies, alternate encryption certificates, and more could be installed by your company.
- When you attempt to connect to a remote computer, it’s transparently intercepted by a corporate proxy sitting between your work machine and the internet.
- Your connection to the proxy is encrypted, but the proxy is able to decrypt, examine, and possibly log the data. It then re-encrypts the data on the connection to the remote destination. The same applies to the reverse path.
- You’d never know this without examining the characteristics of your connection very closely and knowing what to look for (except perhaps for a little slowness).
This approach is technically complex, so I wouldn’t expect a company to set it up unless they had reason to or were particularly paranoid.