Snoopers gonna snoop, maybe.
Like so many scenarios, the answer boils down to “It depends.”
It’s very possible your company can see what’s happening on your computer. It’s also possible they cannot.
And of course, it’s also possible they’re clueless as to what capabilities they have.
Become a Patron of Ask Leo! and go ad-free!
If you take home a machine from work there’s no telling what monitoring tools might be included; all bets are off. If you use your own machine then any software you install from your workplace could come with monitoring tools. Further, if your internet connection is routed through your company’s network when you’re working, they can almost certainly examine your traffic should they desire. If you’re at all concerned, the safest thing is to keep separate machines for work and personal use.
Take-home machine
The biggest risk is if you’ve taken home a computer that belongs to your workplace. Be it a laptop or desktop, the computer belongs to the company, and has very likely been set up by your company’s IT department or resident computer geek.
In this scenario, honestly, all bets are off.
Just like when you use this machine in the office, the company absolutely could monitor everything that happens on it, whether it’s work-related or not.
Not only can they, but they probably have every legal and ethical right to do so. It’s their computer. If they wanted to, they could install whatever monitoring software they like on the machine, and you might not even realize it.
I haven’t run across any companies that do this, but it’s absolutely possible.
Using your own machine
Things get stickier if you’re using your own machine for work.
What makes the most difference here is how you connect to your workplace. If you connect using a VPN provided by your company, then you open the door to a wide variety of potential monitoring. All of that machine’s internet traffic — work-related or not — may be routed through that VPN and through your company’s network. That means it’s easily monitored at their end.
Similarly, it’s easy for your company to include monitoring components in applications you need to download, install, and run on your machine. One would hope those components would monitor only the application in question, but there’s nothing that says they wouldn’t be able to monitor all activity on your machine.
If you don’t connect via a company VPN and only visit company-internal websites for your job (perhaps protected from the public by a site login), then the chances of them monitoring anything else on your machine is lower.
But, honestly, all they need to do is to convince you to install a keylogger of some sort in the guise of a company-required add-on or utility, and once again, all bets are off.
If you’re at all concerned
As you might realize by now, there’s no way to be certain your company can’t spy on your non-work activities when you work from home. While it’s rare (at least I certainly hope it’s rare), it’s possible enough that if you have a real concern, you might want to take some action.
My knee-jerk reaction is, if you can’t trust the company you work for not to spy on you in a way you don’t approve of, why are you working there? I realize, however, not everyone has the luxury of leaving their job — and certainly not over issues like this.
The simplest solution is to maintain a “church and state” division of activity. Designate one computer as work-only: use it only for work, and have it be the only computer you use for work. Continue to use all your other equipment normally. In theory, then your company could monitor only your work machine.
And, yes, I have to say “in theory”. It’s still possible your work computer could use malicious techniques to intentionally breach your local network and attempt to infect your non-work machines. If you’re seriously concerned this could be happening, your only real solution is to treat the work computer as completely untrusted.
Or politely decline the offer — or requirement — to work from home.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
“Similarly, it’s easy for your company to include monitoring components in applications you need to download, install, and run on your machine.”
“It’s still possible your work computer could use malicious techniques to intentionally breach your local network and attempt to infect your non-work machines.”
While those things are technically possible, I’m sure those things would be illegal (not a legal opinion), and you would probably be able to sue that company for using malware to violate your privacy. Unfortunately, as in the case of a lot of malware, you might not be able discover it.
If you use the company’s VPN on your computer, make sure you disconnect from the VPN when not doing company work. Anything non-https: that goes over your company’s VPN is plainly visible to their IT department.
I wouldn’t hold my breath that their spying is illegal: https://www.npr.org/2020/05/13/854014403/your-boss-is-watching-you-work-from-home-boom-leads-to-more-surveillance
It is also very possible for your company to turn the microphone on on their laptop that they provided you , at any time day or night. Also, never leave the laptop open, as the company could watch video of what you are doing. Seems like the best advice is to turn the work computer completely off, when it is not needed for work. Hope this helps.
Good points.
How about turning personal computers off when using a company computer on the internet?
Company computer would NOT be connected to a person’s personal computer at home so what would be the point, except of course you are supposed to be working… and doing that on “their” computer. Of course, turn the company computer completely off when using your personal computer. And, if working from home, should you even be using your personal computer when you are officially working for your company? The answer is ethically a really big NO! But one could justify having a personal computer on if it is running in the background and doesn’t need your attention while you are working.
Err. One’s non work computer might be on for, oh, I don’t know: spouse/SO is there too and using it; parents, housemates, kids using it; you are running SETI at home/bitcoin mining; you kicked off a long running non interactive thing on it (deep A/V scan, defragging the disk); you are using it to stream music….
All plausible and legal for you to do with your computer in your home and which has minimal if any impact your ability to do your job on your employer’s computer.
Unless you’ve gone to some trouble, both computers will be on a shared network and thus visible to the other.
I recall a related incident quite some while (years) ago, where a school “bugged” the laptops that they loaned out to their students, so that they could see and hear what the kids were doing.
So. Scandal went thisaway:
Laptop used by kid was monitored.
Kid was popping what looked like blue-&-white caplets.
School sicced fuzz on kid for possible drug use.
Kid was munching “Mike-&-Ike” candies.
Big bruhaha.
School recalled laptops, removed spyware.
LOL! (Well, it’s funny now…)
It’s definitely a possibility and some companies might try it but it’s illegal and could result in civil and criminal charges for the people and the company which do that. But if I were paranoid, I’d put those machines away from earshot. If the IT department were really devious, turning the machine off wouldn’t help.
As part of the “separation of church & state”:
If possible put your work laptop on a different sub-net on your home network (e.g. guest wi-fi). That way any monitoring software on the work machine won’t see the other computers on your network and if you have any malware on one of your personal computers, it won’t see the work laptop.
If you are doing company work on your home computer and accessing company resources from that computer, consider doing all your work activities on a virtual machine and limit it’s access to your personal stuff. That way if you access work resources via a vpn, your personal browsing will not go thru the VPN.
….or, just unplug the ethernet cable of the machine that you aren’t using at the time. No fancy setup nonsense to go through every time you switch. Now what’s the term they use for that… oh yeah, easy peasy.
@Leo… a company has the legal right to monitor what is happening on “their” computers, even if it is at your home. They have the right, heck the legal responsibility, to safeguard data and information about their business. And that is most especially true if that business is a government entity.
Paul,
What’s an ethernet cable?? (Just joking☺). But who uses wired stuff nowadays?
True, I haven’t seen many recent laptops with Ethernet ports. I even use a WiFi USB adapter on my desktop computer. It’s cheaper than buying a long enough cable.
Anyone who wants to maximize the network speed to their computer. (i.e. me!)
Or with sunk cost network cables already in place (in my case, a co-ax run to the basement left over from a cable TV install)?
Very interesting. Thanks for the tip about switching off the VPN.
I have both a phone and a laptop which are company-owned. Was always conscious of the possibility I could be monitored when using them at work, but never paid too much attention at home. I was able to access some web-based company stuff in the past when I needed to do night work. For anything else on the Server, I could Team Viewer back into another always-on computer tucked away in a back office. With the recent crisis, I was given a bit more “liberty” via a VPN, and actually worked from home full time for a few weeks.
Of the scenarios Leo outlined, I’m betting on this one “And of course, it’s also possible they’re clueless as to what capabilities they have”, but this article is still a wakeup call.
My company uses Office365. I can access my files from either my work computer or my home computer. My home computer because the company’s Office license allows me to install Office365 on my home computer. As well, I can access my work OneDrive from my home computer. By accessing any of my work Office365 material on my home computer, could my company use it to spy on me? On the other hand, this job is the most I’ve ever had a company trust me, and I value it a lot and feel more like working harder because of it.
In theory, yes, since Office is itself highly programmable. But I’d consider it unlikely.