Employer VPN: What Network Activity Can They See?

TL;DR

An employer can see all of your network activity while you are connected to their VPN. Outside the VPN, they generally see only activity on devices they own and manage. However, there are exceptions, especially with company-owned devices or if you’ve agreed to monitoring as part of your employment contract.

Understanding the Basics

Let’s break down what happens when you connect to a work VPN and how that affects what your employer can see. A Virtual Private Network (VPN) creates an encrypted tunnel between your device and your company’s network. The tunnel is designed for security, but because your traffic passes through the company’s network, it also gives the employer visibility into that traffic.

What Your Employer Can See *While on the VPN*

  1. All Traffic: When you’re connected to a work VPN, all of your internet traffic is routed through their servers. This means they can see:
    • Websites visited (even HTTPS sites – though they won’t necessarily see the *content* without further inspection).
    • Applications used that connect to the internet.
    • Data sent and received.
    • IP addresses you’re connecting to.
  2. DNS Requests: Your Domain Name System (DNS) requests are also visible, showing which websites you’re trying to access before a connection is even made.
  3. Logs: Most companies log VPN activity for security and troubleshooting purposes. These logs can include timestamps, bandwidth usage, and connected IP addresses.

What Your Employer Can See *Outside the VPN*

When you’re not connected to the work VPN, your employer’s visibility is significantly reduced, but not necessarily zero.

  1. Company-Owned Devices: If you are using a laptop or phone provided by your company, they likely have software installed that allows them to monitor activity. This can include:
    • Web browsing history
    • Installed applications
    • File access
    • Location data (if enabled)
  2. Managed Devices: If your personal device is enrolled in a Mobile Device Management (MDM) program for work email or apps, the company can often monitor activity related to those specific services.
  3. Network Monitoring (Limited): If you connect to the company network directly (e.g., via Wi-Fi at the office), they can see traffic on that network.

Checking for Monitoring Software

Here’s how to check your device:

  1. Windows: Open Task Manager (Ctrl+Shift+Esc) and look for unfamiliar processes running in the background. Check the ‘Startup’ tab for programs that launch automatically with Windows.
  2. macOS: Open Activity Monitor (Applications > Utilities). Look for unusual processes consuming resources. Check System Preferences > Users & Groups > Login Items for startup applications.
  3. Mobile (Android/iOS): Review the list of installed apps and check app permissions carefully. Be wary of apps requesting excessive access to your data.

Legal Considerations

Employers generally have the right to monitor company-owned devices and networks. However, they must be transparent about their monitoring practices. Read your employment contract and any IT policies carefully for details on what is being monitored.

Protecting Your Privacy

  1. Separate Devices: Use a personal device for non-work activities whenever possible.
  2. VPN Awareness: Be mindful of your activity when connected to the work VPN.
  3. Privacy Settings: Review and adjust privacy settings on all devices and applications.
  4. Read Policies: Understand your company’s IT policies regarding monitoring.