Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can My Company Monitor My IM Conversations At Home?

Question: I work from home using a cable broadband service I pay for. I connect to my company’s server through a proxy server for email, etc. I use AIM for business IMing. I recently received a notice from my company that all instant messaging conversations are being monitored. I am wondering if it is possible for my company to archive my AIM conversations when I am at home using my own cable provider, or if they do in fact have archiving capability if that would apply only to on-site employees. I am concerned because not all of my IM conversations are work related as I use my screen name for both business and personal conversations.

Hey, at least they told you. Most companies that do monitor bury that fact in their employee handbooks, if they even mention it at all.

But can they monitor your IMing at home?

Maybe.

Become a Patron of Ask Leo! and go ad-free!

It really boils down to knowing whether the IM conversation is traveling across your companies equipment. Obviously when you are at work, by definition it is. But when you’re at home, it’s possible that it still is, depending on what else you are doing.

You mentioned that you connect through your company’s server for email. Well, depending on what that really means, it’s quite possible that your IM conversation is traveling over the company’s equipment. For example if your company has you establish a VPN or Virtual Private Network connection to the corporate network in order to access your email, while you have that VPN connection established then it’s quite possible that your IM conversation is hitting the corporate servers, and possibly being logged.

On the other hand, if all you are doing is POP3 mail, or even better, web mail provided by your corporation, then it’s highly unlikely that you have a problem.

If you are concerned, I would take three steps, now:

  • Use different IM accounts for your personal and business conversations. Keep the conversations to their appropriate topics – business or personal – and use only one at work, and the other at home. Don’t mix.
  • In any case, but especially on your business account, don’t say anything you wouldn’t want your boss to read. Or his boss. Or the entire IT department.
  • Connect to your company’s equipment from home only when you actually need it.

It’s a fine line between privacy and responsibility in any case, but the bottom line is that when using your company’s equipment they have every right to examine all the data thereon including your email, IM conversations, documents, browsing history and whatever else you might have.

It’s something that’s worth remembering next time you’re surfing the net over your lunch break.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Can My Company Monitor My IM Conversations At Home?”

  1. Ask the IT department. They should be able to tell you what is going over the company equipment and how to make sure your personal stuff isn’t.

    Reply
  2. While on the surface it’s hard to disagree with that statement, it makes a couple of assumptions that I don’t really like.

    1) Your IT department may not know. Or they may get it wrong. Depending on your company there may be several levels of competancy in the department (or incompetancy, if you’re cynical), and they might just think they know, guess, or get it wrong. Especially since it’s something that’s typically configured once by one person and ignored until needed, it’s not in front of them each day, so they don’t need to remember it every day.

    2) They might lie. Unethical and as wrong as it is, there are companies out there who may choose to explicitly hide this information, for fear of not knowing whatever it is you are doing. The thinking might be that if you have to ask, you must have something to hide, so we better watch.

    I’m not saying that 99% of all companies aren’t going to be honest and accurate – but if you work at that 1% that might not be, asking could be both missleading and problematic.

    Reply
  3. http://www.aimencrypt.com/ has information on how to encrypt AIM. It is probably possible to encrypt other protocols using similar methods, but I haven’t really looked into it. The certificates you can download from aimencrypt can be broken by someone who really knows what they’re doing, but should prevent 99% of IT people from seeing what you’re saying. If you want to be protected from 100% of the IT people, you need to generate your own certificate, which can be a complicated process. Of course, the encryption only protects against people watching your traffic as it goes over the network. If you’re IM-ing from a company-owned computer, you still need to keep your hard drive clean. Leo has several other articles about that.

    Reply
  4. If you encrypt your messages and they are watching you, then they’ll probably assume you’re up to something you shouldn’t be, which could cause problems later on. In any case, all they’d need to do would be to monitor your keystrokes and work and get your password.

    Which reminds me- don’t ever use a password at work for something you wouldn’t want them to see.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.