Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can my company monitor my IM conversations at home?

I work from home using a cable broadband service I pay for. I connect to my
company’s server through a proxy server for email, etc. I use AIM for business
IMing. I recently received a notice from my company that all instant messaging
conversations are being monitored. I am wondering if it is possible for my
company to archive my AIM conversations when I am at home using my own cable
provider, or if they do in fact have archiving capability if that would apply
only to on-site employees. I am concerned because not all of my IM
conversations are work related as I use my screen name for both business and
personal conversations.

Hey, at least they told you. Most companies that do monitor bury that fact
in their employee handbooks, if they even mention it at all.

But can they monitor your IMing at home?

Maybe.

Become a Patron of Ask Leo! and go ad-free!

It really boils down to knowing whether the IM conversation is traveling
across your companies equipment. Obviously when you are at work, by definition
it is. But when you’re at home, it’s possible that it still is, depending on
what else you are doing.

“It really boils down to knowing whether the IM conversation is traveling
across your companies equipment.”

You mentioned that you connect through your company’s server for email.
Well, depending on what that really means, it’s quite possible that your IM
conversation is traveling over the company’s equipment. For example if your
company has you establish a VPN or Virtual Private Network connection to the
corporate network in order to access your email, while you have that VPN
connection established then it’s quite possible that your IM conversation is
hitting the corporate servers, and possibly being logged.

On the other hand, if all you are doing is POP3 mail, or even better, web
mail provided by your corporation, then it’s highly unlikely that you have a
problem.

If you are concerned, I would take three steps, now:

  • Use different IM accounts for your personal and business conversations.
    Keep the conversations to their appropriate topics – business or personal – and
    use only one at work, and the other at home. Don’t mix.
  • In any case, but especially on your business account, don’t say anything
    you wouldn’t want your boss to read. Or his boss. Or the entire IT
    department.
  • Connect to your company’s equipment from home only when you actually need it.

It’s a fine line between privacy and responsibility in any case, but the
bottom line is that when using your company’s equipment they have every right
to examine all the data thereon including your email, IM conversations,
documents, browsing history and whatever else you might have.

It’s something that’s worth remembering next time you’re surfing the net
over your lunch break.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

6 comments on “Can my company monitor my IM conversations at home?”

  1. Ask the IT department. They should be able to tell you what is going over the company equipment and how to make sure your personal stuff isn’t.

    Reply
  2. While on the surface it’s hard to disagree with that statement, it makes a couple of assumptions that I don’t really like.

    1) Your IT department may not know. Or they may get it wrong. Depending on your company there may be several levels of competancy in the department (or incompetancy, if you’re cynical), and they might just think they know, guess, or get it wrong. Especially since it’s something that’s typically configured once by one person and ignored until needed, it’s not in front of them each day, so they don’t need to remember it every day.

    2) They might lie. Unethical and as wrong as it is, there are companies out there who may choose to explicitly hide this information, for fear of not knowing whatever it is you are doing. The thinking might be that if you have to ask, you must have something to hide, so we better watch.

    I’m not saying that 99% of all companies aren’t going to be honest and accurate – but if you work at that 1% that might not be, asking could be both missleading and problematic.

    Reply
  3. http://www.aimencrypt.com/ has information on how to encrypt AIM. It is probably possible to encrypt other protocols using similar methods, but I haven’t really looked into it. The certificates you can download from aimencrypt can be broken by someone who really knows what they’re doing, but should prevent 99% of IT people from seeing what you’re saying. If you want to be protected from 100% of the IT people, you need to generate your own certificate, which can be a complicated process. Of course, the encryption only protects against people watching your traffic as it goes over the network. If you’re IM-ing from a company-owned computer, you still need to keep your hard drive clean. Leo has several other articles about that.

    Reply
  4. If you encrypt your messages and they are watching you, then they’ll probably assume you’re up to something you shouldn’t be, which could cause problems later on. In any case, all they’d need to do would be to monitor your keystrokes and work and get your password.

    Which reminds me- don’t ever use a password at work for something you wouldn’t want them to see.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.