I occasionally work from home. I have a work laptop that I bring home and connect to my company's network using my home WiFi (I assume it has its own direct connection). I also have my personal computer and my phone nearby, which also use my home WiFi but have nothing to do with my company's network. I use a browser-level VPN on my personal computer.
They could scan your network and identify devices by IP and host name; a good scanner will often identify OS as well. Active measures of this sort are (a) detectable and (b) highly uncommon on user workstations. Restrictive firewall rules may limit detection, but Windows was discoverable on the public profile by default the last time I checked---just the machine itself, though, not details like shares/applications/services.
If they put their NIC into promiscuous mode, they could listen to any broadcast traffic on the network. Windows devices in particular are noisy, and if your router and computers are configured for DHCP then they could find everything eventually.
In a highly unlikely scenario, their system could run a rogue DHCP server that attempts to route all network traffic through their workstation by presenting itself as the network gateway. This is (a) extremely impractical, (b) unreliable, and (c) detectable. With browser-level VPN, they would be unable to see what you are browsing or downloading even in this extreme scenario. Depending on how your VPN handles DNS queries, they might be able to identify the domain. I.e., your browser must resolve security.stackexchange.com in order to load this page, and DNS resolution is typically handled by the OS. If your VPN traps that DNS query and resolves it over the VPN, then the security.stackexchange.com name would not even be visible.
In the end, it is extremely unlikely that they would see anything significant on your network. If your Windows machines are running default settings, there are some neighborhood discovery protocols that will touch the work machine, and incoming communications are often logged. However, these limited probes reveal very little (typically IP, OS, host name, and workgroup name). Unless you have a specific reason to be suspicious of their intentions, you probably don't need to worry. The level of effort required to snoop effectively is generally a deterrent, and that doesn't even consider the possible legal and PR issues.
The laptop could host some attack kits that scan the other hosts on the network for possible vulnerabilities, or scan the network activity. The former attack could have almost unlimited possibilities - in fact the limitation is just how secure your home desktop is. The latter is easier but far less invasive: if you use a VPN, the attacker will only know what VPN you use, and will have to rely on heuristics to try to guess the actual activity.
In most countries, the employer is only allowed to control what you do with their devices. For security reasons, the administrator may log the full activity, have general indicators showing abnormal uses and in that case go deeper in the log analysis. But scanning the activity on an external network would be an illegal attack. So except if you work in an uncommon country (China, Russia, and a few others), or work for a special employer (national security agencies), it is unlikely that kits like that are installed on your work laptop.
If your employer installed some sniffer software on your work laptop, which intercepts all possible packets, then it can monitor what is happening in your home network. The results can be sent from your work laptop to your employer directly via the network or later on, when you are in your employer's network.
If you don't trust your employer and want to be sure that the traffic from your home PC remains private, create a separate WiFi for your work laptop. Of course, this is possible if your router supports that. But nowadays even simple routers have such a feature, like a guest network.
I work from home most of the time. I use my corporate laptop for work, and I keep my personal laptop open as a second monitor, for internet research. Whenever I open Google Translate or Linguee on my personal laptop, I get a pop-up window on my professional laptop telling me that a translation website must not be used to disclose protected information.
So it means that there is software on my professional laptop constantly monitoring all the network activity, and the websites accessed by any device on the network (even personal devices). Is this legal under the EU laws?
If you place your personal laptop, let's say, on the kitchen table and connect it to your wi-fi, and your work laptop on your desk and connect it to your work (probably using your wi-fi and a VPN), there should be no way that your professional laptop can know what your personal laptop is doing.
Now... I don't think your employer does it. It is a lot more likely, that your setup of computers at home is not as strictly separated as I described. You probably have your personal laptop somehow connected to your professional laptop. Either because you use it only as a second monitor as described, or maybe because it's connected to the work VPN, too.
Please also note, that if you are logged in with for example your Google account in the Chrome browser on both laptops, it will synchronize between those two. You can turn it off, but if you don't, yes, your employer will find out what you did on your personal laptop.
If you have a specific question about your specific setup, you can probably get help on Information Security SE. Be prepared that they need a lot more technical details to give you a good explanation for what happens.
I would call your company's IT department and have them figure out what's going on. They shouldn't know what your private computer is doing. They don't care what your private computer is doing. They most likely don't want to know because it only can cause problems. Like your wife might come into your room and use your private computer, that's a legal minefield if the company records what she is doing.
They may be able to figure out what's going on. For example, my private laptop can access the internet through another laptop of the same brand if I set up both computers accordingly, and in that case the company would probably see everything my private computer does because it's actually the work computer accessing the internet and passing everything on to the private computer.
Passive monitoring (although I am not 100% sure how that would work on a wifi network) of IP traffic, and flagging DNS requests: Not nice, but as long as you signed something probably legal if the device does not store this information but only warns you.
Inserting the own machine via acting as a DHCP Server: Not nice, not reliable, a lot of hassle, would be very much like your business laptop "sharing" its internet connection and competing with your router.
Inserting the professional laptop via ARP spoofing and intercepting the connections to the router actively. Definitely hostile, probably illegal even if general permission to monitor the network is granted.
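The answers above call a rogue DHCP server and ARP spoofing detectable; as an added example (not part of any of the posts), this Python check compares `ip route show default` and `ip -4 neigh show` output from a home machine against a baseline recorded earlier. The addresses, MACs, sample outputs and finding codes are constructed for illustration.

```python
import re

# Baseline recorded while the network was known-good (constructed values).
BASELINE = {"gw_ip": "192.168.1.1", "gw_mac": "a4:2b:b0:10:20:30"}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) \S+$")
ROUTE_RE = re.compile(r"^default via (\S+) ", re.M)

def parse_neigh(text):
    """IP -> MAC from `ip -4 neigh show`; rows without lladdr (FAILED) are skipped."""
    table = {}
    for line in text.strip().splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_gateway(route_text, neigh_text, baseline=BASELINE):
    """Return (code, detail) findings; an empty list means nothing changed."""
    findings = []
    m = ROUTE_RE.search(route_text)
    gw_ip = m.group(1) if m else None
    if gw_ip != baseline["gw_ip"]:
        # A lease from an unexpected DHCP server shows up as a new router address.
        findings.append(("GATEWAY_IP_CHANGED", f"{baseline['gw_ip']} -> {gw_ip}"))
    table = parse_neigh(neigh_text)
    mac = table.get(baseline["gw_ip"])
    if mac and mac != baseline["gw_mac"]:
        # ARP spoofing rebinds the real gateway IP to another machine's MAC.
        findings.append(("GATEWAY_MAC_CHANGED", f"{baseline['gw_mac']} -> {mac}"))
    sharers = sorted(ip for ip, other in table.items()
                     if ip != baseline["gw_ip"] and other == mac)
    if sharers:  # the host that also owns this MAC is the likely interceptor
        findings.append(("GATEWAY_MAC_SHARED", ", ".join(sharers)))
    return findings

# Constructed sample outputs: clean network, changed DHCP router, spoofed ARP entry.
CLEAN_ROUTE = "default via 192.168.1.1 dev wlan0 proto dhcp metric 600"
ROGUE_ROUTE = "default via 192.168.1.23 dev wlan0 proto dhcp metric 600"
CLEAN_NEIGH = """192.168.1.1 dev wlan0 lladdr a4:2b:b0:10:20:30 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:22:fb:aa:bb:01 STALE
192.168.1.50 dev wlan0 FAILED"""
SPOOF_NEIGH = """192.168.1.1 dev wlan0 lladdr 3c:22:fb:aa:bb:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:22:fb:aa:bb:01 REACHABLE"""

if __name__ == "__main__":
    for route, neigh in ((CLEAN_ROUTE, CLEAN_NEIGH), (ROGUE_ROUTE, CLEAN_NEIGH),
                         (CLEAN_ROUTE, SPOOF_NEIGH)):
        print(check_gateway(route, neigh))
```

A replaced router changes the gateway MAC as well, so a finding means the baseline needs re-checking, not that interception is confirmed.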
To employers and managers: about the questions #1-6 - whatever workplace monitoring software you use, none of the above can be monitored without obtaining access to a personal employee computer, phone or laptop. Your employees do not need to worry about it.
To employers and managers: about the questions #7,8 - employers can and have the right to monitor workplace computers whether they are used directly or via Terminal/Citrix sessions. When applying monitoring in the workplace make sure the monitoring software you use does not violate employee's privacy.
To employers and managers: about the question #9 - if you want to make sure your employees use their work computers there is no need to go this far and monitor via video camera. Workplace monitoring software offers active/idle time monitoring function which is non-invasive.
To employers and managers: about the #10-12 - to keep your employees' privacy protected, WorkTime experts do not recommend using a content (keystrokes) monitoring function. Productivity, attendance, active/idle time monitoring etc. are the non-invasive functions helping to improve employee productivity without infringing on employee privacy.
The coronavirus pandemic led to a sharp increase in the number of employees working remotely from home, both in Massachusetts and across the nation. While working from home certainly offers more freedom and flexibility for many people, it also can come with more oversight than ever before.
When the pandemic first hit in early 2020, about 30% of large employers (with thousands of employees) became equipped with forms of employee-tracking software for the first time. Now, about 60% of all large employers use the software. This number is expected to grow in the coming years.
If you use social media while working, your activity could likely get flagged. An employer can set parameters within the software when it comes to social media use during the workday. An employer could set up the software to flag an employee any time they spend more than 5 minutes on Facebook at a time, for example, or if the employee spends more than a total of 30 or 60 minutes on Facebook throughout the whole day.
In some cases, employers may also be able to monitor your work phone calls. For example, if you use a work phone or a work-issued cell phone, your employer could install monitoring software on the device to track your phone calls.
Employers can do this in a few different ways. One way is by using the monitoring software we discussed in the previous section. This type of software can track which websites you visit and how long you spend on each site.
Even if you have coworkers who have also become friends, you need to be careful with what you share over office collaboration tools like Google Chat, Slack, Google Meet, and other workplace communication tools. Your boss can access these messages at any time, and they could use them as evidence against you in a disciplinary action or even in a lawsuit. For example, if you made a comment that was interpreted as racist, sexist, or homophobic, your employer could use those messages as proof of a hostile work environment.