One of the IT-related questions that I am asked most often by friends and family is to what extent their employer is able to spy on them when they use a personal device for work. Being that so many people are currently being forced into working from home as a result of the coronavirus (COVID-19) pandemic, I thought that this might be a good opportunity to try to answer this question, as well as to share a few things that you might be able to do to protect your privacy.
Can your employer spy on you?
Even though I have a lot of people ask me if their employer is spying on them, the bigger question that they seem to want an answer to is what their employer is really capable of. After all, there is a lot of misinformation on the Internet. In the past, I have seen articles saying that a person’s employer can track their whereabouts and watch every keystroke, all in real-time. On the other hand, I have also seen articles that essentially claim that employers are entirely benevolent, and would never intrude on an employee’s personal privacy. In most cases though, the truth is probably somewhere in the middle.
So, what is your employer really capable of? Sadly, I can’t tell you with any sort of certainty. There are a number of factors that determine your employer’s capabilities. Some of those factors include:
- What software your employer is using to support BYOD devices.
- What type of device you are using.
- Whether or not the device is enrolled.
- What mode the device is operating in (such as a “supervised” iOS device).
- How nosey your employer wants to be.
How much access does your employer have to your device?
As previously noted, it’s impossible for me to tell you with any certainty what your employer can or cannot do on your personal device. Even so, there are a few ways in which you might be able to find out.
First, try calling the IT department and asking them. If you try this approach, then there are two things to keep in mind. First, make sure that you talk to someone who is actually in the know. Corporate IT departments are often segmented by job responsibility, and it is entirely possible that whoever is working the helpdesk knows little about the organization’s backend monitoring of personal devices.
Second, when you do ask about personal device privacy, it is important to phrase your question in just the right way and to be a little bit assertive if necessary. If you simply ask someone in IT whether they spy on those who work from personal devices, you are likely to get an answer like, “Oh no, we don’t do that.” A better way to approach the question is to ask what their capabilities are with regard to managing personal devices. If you still don’t feel like you are getting anywhere, then try asking some very specific questions. Here are a few examples:
- Can you access my web-browsing history?
- Can you access the photos stored on my device?
- Can you read my text messages or personal email messages?
- Do you back up the data on my device?
If you think that the person who you are talking to isn’t being straight with you, then try asking about a capability that you know exists. For example, most mobile device management software provides the IT department with the ability to remotely wipe a device that has been lost or stolen. As such, you might ask about IT’s remote wipe capabilities. Another idea might be to speak to another person in the IT department to see if their answers to your questions are consistent with the answers given by the first person that you talked to.
Another way that you may be able to gain some insight into your employers’ capabilities and better protect your privacy might be to simply ask what software they use to manage personal devices. Once you know that, you can visit the software vendor’s Website and check out the management software’s capabilities for yourself. Remember, the software vendor’s goal is to sell software, so they typically aren’t going to try to hide anything with regard to the software’s capabilities.
How can you protect your privacy?
So what if you have no choice but to use a personal device for work, and you would prefer that your employer not know about your nonwork-related activities?
Admittedly, your options are a bit limited, but there are a couple of things that you can do. For starters, you might check to see if you still have an old device that you are no longer using stashed in a closet somewhere. If so, then you could remove anything personal from that device, use it exclusively for work, and reserve your primary device for personal use.
You might even consider purchasing a low-cost device solely for work use so that you can reserve your primary device for personal use.
If you are currently working from a laptop (as opposed to a tablet or smartphone), you might consider setting up a virtual machine. Virtual machines are physically isolated from the device’s primary operating system. This means that you could enroll the virtual machine for work use, leaving the device’s primary operating system for personal use. Because of the way that virtual machines work, your employer shouldn’t be able to snoop on anything that you do outside of the virtual machine.
Protect your privacy with separate devices or a VM
Even if you feel that you have nothing to hide, it’s always a good idea to separate your personal life from your work life if at all possible. You just never know when an employer might take issue with something that you consider to be completely innocent, such as a social media post, a photo, or a particular web site that you visit. The best way to minimize the risks associated with working from home and to protect your privacy is by using one device for work and another device for all of your personal activities. If that isn’t possible or practical, then consider your options for creating a virtual machine.
Featured image: Shutterstock