Tips for protecting your privacy while working from home

One of the IT-related questions that I am asked most often by friends and family is to what extent their employer is able to spy on them when they use a personal device for work. Being that so many people are currently being forced into working from home as a result of the coronavirus (COVID-19) pandemic, I thought that this might be a good opportunity to try to answer this question, as well as to share a few things that you might be able to do to protect your privacy.

Can your employer spy on you?

protecting your privacy

Even though I have a lot of people ask me if their employer is spying on them, the bigger question that they seem to want an answer to is what their employer is really capable of. After all, there is a lot of misinformation on the Internet. In the past, I have seen articles saying that a person’s employer can track their whereabouts and watch every keystroke, all in real-time. On the other hand, I have also seen articles that essentially claim that employers are entirely benevolent, and would never intrude on an employee’s personal privacy. In most cases though, the truth is probably somewhere in the middle.

So, what is your employer really capable of? Sadly, I can’t tell you with any sort of certainty. There are a number of factors that determine your employer’s capabilities. Some of those factors include:

  • What software your employer is using to support BYOD devices.
  • What type of device you are using.
  • Whether or not the device is enrolled.
  • What mode the device is operating in (such as a “supervised” iOS device).
  • How nosey your employer wants to be.

My general rule of thumb is that if you are working from a device that was issued by your own IT department, you should assume that IT can monitor absolutely everything that you do on the device (whether they actually can or not). Similarly, if you have enrolled a personal device for use with corporate resources (meaning that you accepted to the terms of use, consented to the device being managed, etc.), then it’s best to assume that everything on the device is accessible to your employer. Realistically, your employer probably can’t actually access everything, but there is a good chance that at least some of the device’s data or metadata is accessible to your employer, so consider that when you want to protect your privacy.

How much access does your employer have to your device?

As previously noted, it’s impossible for me to tell you with any certainty what your employer can or cannot do on your personal device. Even so, there are a few ways in which you might be able to find out.

First, try calling the IT department and asking them. If you try this approach, then there are two things to keep in mind. First, make sure that you talk to someone who is actually in the know. Corporate IT departments are often segmented by job responsibility, and it is entirely possible that whoever is working the helpdesk knows little about the organization’s backend monitoring of personal devices.

Second, when you do ask about personal device privacy, it is important to phrase your question in just the right way and to be a little bit assertive if necessary. If you simply ask someone in IT whether they spy on those who work from personal devices, you are likely to get an answer like, “Oh no, we don’t do that.” A better way to approach the question is to ask what their capabilities are with regard to managing personal devices. If you still don’t feel like you are getting anywhere, then try asking some very specific questions. Here are a few examples:

  • Can you access my web-browsing history?
  • Can you access the photos stored on my device?
  • Can you read my text messages or personal email messages?
  • Do you back up the data on my device?

If you think that the person who you are talking to isn’t being straight with you, then try asking about a capability that you know exists. For example, most mobile device management software provides the IT department with the ability to remotely wipe a device that has been lost or stolen. As such, you might ask about IT’s remote wipe capabilities. Another idea might be to speak to another person in the IT department to see if their answers to your questions are consistent with the answers given by the first person that you talked to.

Another way that you may be able to gain some insight into your employers’ capabilities and better protect your privacy might be to simply ask what software they use to manage personal devices. Once you know that, you can visit the software vendor’s Website and check out the management software’s capabilities for yourself. Remember, the software vendor’s goal is to sell software, so they typically aren’t going to try to hide anything with regard to the software’s capabilities.

One more thing that you should do is to reread the organization’s terms of use statement that is presented when you enroll a mobile device. Such statements are almost always designed to protect the organization, not the end-user, and should spell out all of the liberties that the organization might be taking with users’ personal devices.

How can you protect your privacy?

protecting your privacy
Shutterstock

So what if you have no choice but to use a personal device for work, and you would prefer that your employer not know about your nonwork-related activities?

Admittedly, your options are a bit limited, but there are a couple of things that you can do. For starters, you might check to see if you still have an old device that you are no longer using stashed in a closet somewhere. If so, then you could remove anything personal from that device, use it exclusively for work, and reserve your primary device for personal use.

You might even consider purchasing a low-cost device solely for work use so that you can reserve your primary device for personal use.

If you are currently working from a laptop (as opposed to a tablet or smartphone), you might consider setting up a virtual machine. Virtual machines are physically isolated from the device’s primary operating system. This means that you could enroll the virtual machine for work use, leaving the device’s primary operating system for personal use. Because of the way that virtual machines work, your employer shouldn’t be able to snoop on anything that you do outside of the virtual machine.

Protect your privacy with separate devices or a VM

Even if you feel that you have nothing to hide, it’s always a good idea to separate your personal life from your work life if at all possible. You just never know when an employer might take issue with something that you consider to be completely innocent, such as a social media post, a photo, or a particular web site that you visit. The best way to minimize the risks associated with working from home and to protect your privacy is by using one device for work and another device for all of your personal activities. If that isn’t possible or practical, then consider your options for creating a virtual machine.

Featured image: Shutterstock

Leave a Comment

Your email address will not be published.

Scroll to Top