Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

How to stop your boss spying on you at work

Tricks to keep some aspects of your online life private

Article comments

Privacy may be dead, but that doesn't mean you have to enjoy having your every electronic move tracked by your nosy manager. If you use a company-supplied PC on a corporate network, and you carry around a company smartphone, you're almost certainly being watched. But with a bit of forethought and some of your own gear, you can enjoy a little digital liberty in the workplace.

At this point, there's little debate about whether companies have a right to monitor employees' activities on corporate PCs and networks. If they supply it, they have a responsibility to monitor it. So unless your company is either deeply clueless or naively altruistic, your web surfing, your instant messages, your running applications and even your keyboard keystrokes are probably being recorded. And if your boss was generous enough to issue you a smartphone, chances are good that your SMS messages, and possibly even your daily travels, are being tracked as well.

PC monitoring

In corporate security speak, the software that monitors what's happening on your PC falls under the general heading of endpoint security. The term refers to everything that goes on between you and your machine, from how you use your computer to the way the software on it works to the physical location of the system. Your IT department needs to know what's up with your PC (and you) to make sure the computer doesn't fall prey to malware, putting company data at risk and potentially harming the business.

Any company with a reasonable IT budget will almost certainly have installed a comprehensive security package from a company such as McAfee, Symantec or Trend Micro. These suites handle everything from antivirus protection and system update management to corporate policy enforcement, and that last task generally includes keeping logs on which apps you launch, which websites you visit and so on. To make matters worse for a privacy-minded employee, a typical endpoint security suite is tightly integrated not only into the PC's operating system (with permissions restricted to keep you from meddling with it) but also into the data centre, where a server (or possibly a remote host) checks on the PC frequently to make sure everything is okay.

Unless your IT department is using some rinky dink freeware to monitor you and chronically neglects to check it, disabling the monitoring features on your endpoint security installation isn't really an option. Even if you were to succeed, the server-side administration tools would throw a red flag once your system stopped reporting in.

The best way to get around PC monitoring software is to sidestep it entirely by using a PC that only you control. In other words, bring your own laptop. If your boss asks why you're not using the one Big Brother issued you, say that the keyboard makes your wrists hurt. The mere suggestion of a potential OSHA case may be enough to send your boss ambling down the hall in search of someone else to dump their passive-aggression on. (Just try to steer the conversation away from any suggestion that you hand the machine over to the IT department for any reason.)

Once the boss is out of your hair, install a few sneaky utilities to help you goof off on your PC without getting caught.

If bringing a whole separate PC to work seems over the top to you, take the simpler route: Internet-connected tablets like the iPad or the Motorola Xoom are ideal for stealthy surfing, and they're unlikely to raise the boss's eyebrows. In fact, they might even create the impression that you're ultra-productive, showing the whole office that you take your work seriously enough to bring your own hardware. (Note: Playing Angry Birds on your tablet in front of coworkers all day will likely undermine that impression.)

Or just use your smartphone, provided it isn't a company-issued handset, that is.

Network monitoring

Your work PC is only the first link in a chain of surveillance that extends from your keyboard to basically every other piece of equipment on the corporate network. In some offices, even the copy machine keeps tabs on you. At the very least, all of your network use is likely being logged somewhere. To avoid having your browsing tracked, you need to get off that network.

Thanks to the proliferation of 3G and 4G data services, it has never been easier to enjoy a little semiprivate (nothing is totally private) web surfing from the office. This development will likely prove to be terrible news for employers, but it's great for lazy workers who like to goof around on the job.

You have several good choices for bringing a mobile broadband connection to your PC. You can buy a computer with mobile broadband built in. You can use a USB dongle. You can use a wireless tethering device such as the Novatel Wireless MiFi or the Sierra Wireless Overdrive. Or you can just tether to your personal smartphone. Depending on which option you choose and how much data you plan to eat up, these services will charge a variable monthly fee.

If you decide to go the smartphone-tethering route, be sure to keep your phone charging on your desk the whole time. An hour of data tethering will easily blow through your phone's battery.

Should the expense of your own mobile data service seem unreasonable for the privilege of escaping your boss's watchful eye, at least take one simple precaution when using your own machine on the company Wi-Fi network: Give your computer an anonymous name.

If you accept the default account settings when you set up your PC, your computer will likely announce you by name whenever you connect to the network, presenting itself as, say, "Dan Thompson's PC" or similar. This name is usually visible not only to your company's IT department but also to everyone else on the network, your coworkers, your boss, the woman in accounting, everyone.

Change the name of your PC to something innocuous and nondescript. Heck, change it to a random string like 9873r54C. Then nobody will know what it is, and it'll just blend in with the long list of devices on the network. And more important, if anyone ever does try looking into what it is, what it has been doing on the network, or where it came from, it won't point so obviously to you.

Even if you're out of the office, or if you work remotely, your web activity can still be tracked whenever you connect to the company's virtual private network. The solution here is simple: Disconnect from the VPN whenever you're not using it, and stick to work tasks while you are connected. This is good practice anyway, since you have no solid reason to stay connected to the VPN when you don't need it.

Smartphone

If your company issued you a smartphone, don't assume that anything you do with it is private. Tracking everything from calls and text messages to apps installed is a trivial task for your IT department, and with mobile security gathering increasing attention of late, chances are good that your device's network activity is at least showing up in a log somewhere.

Even if you're not a total slacker, it can be a good practice to carry your own smartphone for personal use. Besides, doing so will give you the advantage of having an untracked device and network connection as mentioned earlier.

In the grand scheme, of course, there's no such thing as online privacy. And although I know it's none of my business what you do with your time at work, it actually is, both literally and legally speaking, your boss's business. So don't blame the company for wanting to track your computer use. With that said, however, I don't blame you for wanting to loosen the leash a little from time to time. Just use your best judgment, and don't get yourself into trouble.


Share:

More from Techworld

More relevant IT news

Comments

Employee of the Month said: Agree with the other comments Bring your Catchers Mask and gear because youre gonna need it before you touch anything I own regardless of company policy Im already fired in your scenario so what exactly do I have to lose before I tell you where to go stick it and then just leave

John-Margaret Bullock said: This certainly doesnt keep your employer from seeing what you store but it might be arguable that you have a right to expect privacy in regards to what is stored on the private hard drive- if you have been told that the storage space is private by a manager

John-Margaret Bullock said: Depends upon the security systems used at the company

John-Margaret Bullock said: Might depend upon the nature of the documents you signed when hired Hopefully your companys lawyers made sure those were written clearly so as to give proper guidance to everyone involved

Robin said: We are issued with Dell computers which have easily assessable plug in hard drives so most of us in the office have a work hard drive and a private hard drive

Kay said: my boss used a keystroke program to copy the password to my personal computer read and downloaded my sent mailand now the lawyers think he should just get a slap on the wrist

Fake said: Is tunneling software with encrypted data flow a good solution for preventing network admins from sniffing your data

Vincents001 said: Keystroke and image monitors defeat the privacy offered by remote desktop softwareAnd many It departments block LogMeIn

Juibre4 said: you cant touch me personal property never mind rummage through it i hope your company hires good lawyers or you will get screwed

Anon said: It might bypass keystroke logging for starters - I wonder how many people would like having someone constantly standingover them watching everything they write and logging it to be potentially used against them at a later date But because it is being done on a computer apparently we just have to accept this ridiculous invasion of privacy that would not be allowed in any other situationAnd thats not even mentioning movement tracking via supplied mobile phones - this is the kind of thing that law-enforcement would need a warrant to dowhy are employees treated by tech depts as criminals

Mr.Bhavesh said: Wonderful informationThanks for the post

Clyde said: Good post it is very informative about some precautions on company that track employee daily activities There are different approaches to employee monitoring like keylogger that track all data input thru keyboard and a stealth monitoring that is spying on what an employee do secretly These features are just intrusive for employee to use in a workplace I believe that any employee using time tracking software should also be fully aware of what is monitored and when they are being monitored This way invading employee privacy could be preventedI am also using a monitoring software that is not intrusive This software is what we use in our company to track our productive time This software is also design for improving employee productivity it also helps us to stay focus on work and get motivated httpwwwtimedoctorcomblog

Harditaliancantspell said: Hey Harditalian2003 read your post again before you comment on someone elses spelling skills

Personal Trainer said: Really appreciate this article Didnt know

Corporate IT said: Agree with SMS Spy A really irresponsible article

Rabble Rouser said: Were a policy that draconian and termination the only option I would make you get a warrant before allowing you to touch any of my personal property and I would leave the premises

NetworkEng said: dumbest article ive read in a long time how is bringing your own pc and connecting thru your phone bypassing anything and what company would allow you to bring your own Waste of bandwidth here

Jleasy said: Dog you are missing the point is the device does then get connected to the network there is a higher chance that it may infected due to unfiltered internet browsing

Joe said: At this point theres little debate about whether companies have a right to monitor employees activities on corporate PCs and networks Eh no - the debate is still pretty open in Europe - see campaigns in France and Germany

techgoddess said: The recommendations are out of date here Several companies at CTIA this year presented filtering solutions for mobile devices with sophisticated reporting that rivals that of desktop filters for enterprise




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *