There are a number of reasons why internet privacy can be just as important in the workplace as it is in your personal life, and it’s not all about going on Facebook when the boss isn’t looking. In an era of instant message chats and endless email threads, conversations that might once have been had at the watercooler are increasingly likely to take place in logged, viewable exchanges.
Whether those conversations are complaining about a company policy or discussing personal details that could lead to workplace discrimination, most of us are keen to make sure that private discussions remain just that. But since the computers you use at work are your employer’s property, it’s not uncommon for internet connections to be monitored.
Around 78% of major US companies admit that they check up on their employees’ emails, browsing history, downloaded files and even online phone calls. With almost two thirds of workers admitting to using the internet for personal reasons during working hours, it’s not entirely unreasonable for employers to be suspicious – but if you’re concerned about snooping, it’s good to know how you’re being watched and what you can do to avoid it.
The rules on snooping
A crucial thing to bear in mind when conversing via your work email address or workplace instant messenger system, is that just as your device belongs to your workplace, so does your email account. So whether you’ve added two-factor authentication to your log-in or set your emails up to be heavily encrypted, it won’t change the fact that someone else is the overseeing administrator of ‘your’ account.
In the US, UK and Australia, employers are legally within their rights to monitor all activity that you carry out on a company-owned device. This is true whether you’re in the office or working from home, and can include the use of personal email accounts on company devices.
In the UK, staff are supposed to be informed if they are being monitored – whether that’s via email, in browsing history logs or otherwise. However, just because your employer is supposed to tell you that they’re monitoring you, this doesn’t mean they have to get your consent. And in practice, notification of web use monitoring is forgotten. In the US and most of Australia, no disclosure is legally required.
The financial sector is thought to be the most vigilant when it comes to staff surveillance, with more than 92% of firms participating in some kind of monitoring activity. The types of monitoring in place include:
- Keylogging – from actual keystrokes to time spent at the keyboard.
- Computer file audits – inspecting what is being downloaded to, and stored on, company devices.
- Email reviewing – according to the American Management Association, an estimated 73% of US companies use automatic email monitoring tools, while 40% have individuals specifically assigned to read and review incoming and outgoing email.
- Browsing history reviews – generally looking for inappropriate site surfing, from social media to explicit content.
Encrypting browsing data
The simplest way to keeping your browsing history and ongoing activity private is to encrypt your connection, using a Virtual Private Network or VPN. There are various VPN apps suitable for PC and laptop use, and they only take a minute to install. Just make certain you only install this on personal devices (if you use them at the office). [Editor’s note – we also employ a VPN on our equipment when traveling (typically this will require an administrator to install on a corporate device).]
When connecting to the internet via a VPN, in essence you create a secure ‘tunnel’ in which to undertake your activities. If your employer tries to access the browsing history of your particular device, anything you’ve been up to while connected using a VPN will be missing from the list.
As well as keeping your activity private, a VPN can also sidestep access restrictions to certain websites. So if you were trying to access social media, only to find that it was blocked by your workplace network, connecting to a virtual server elsewhere through a VPN client would be one way to bypass the block.
If you connect to your workplace Wi-Fi network in order to browse on a mobile device, it’s wise to install you VPN service there too. In theory, the activity on your personal device shouldn’t end up exposed to prying eyes – but browsing activity sent over an office network can still be viewed by relevant parties who want to know what you’re up to.
A mobile VPN can encrypt your traffic in just the same way as a desktop version, ensuring that if someone does try to see what you’re up to, all they’ll get access to are indecipherable encryption keys.
On and offline
It almost goes without saying that the best way to keep your online activities away from your boss is to steer clear of anything but work-related activity online in the office, and to have private conversations in person rather than over the web. But in practice, this isn’t always feasible.
Keep personal conversations and browsing to your own devices where possible, and secure it all with encryption to ensure it can’t be snooped. It’s also a good idea to familiarize yourself with any workplace monitoring policies that your employer has – as well as informing you of anything that could be deemed to be inappropriate conduct, they’ll also educate you on how you’re being watched.
This article was provided by Tabby Farrar, who works with organizations in a range of industries including VPN security and small business consultancy. If you would like to see more articles like this one, please let us know via your comments.