Hey all, I’ll soon start working for a new employer (fully remote) and I have a few concerns that I can’t find any clear answers to. Maybe you could help me with some insights?
It looks like I won’t receive a company-provided device, so I’d be required to connect to a remote work PC via VPN software (Kerio Control VPN Client) and Windows’ Remote Desktop Connection.
So I was wondering: while I’m connected to the provided VPN network and am logged in to the remote desktop - could the employer see what else I’m running/doing on my PC OUTSIDE of the remote desktop window? Could they see or monitor programs running outside of the remote desktop (so not on the actual work computer), and track my inputs and connections?
Say I minimize the remote desktop window and open my own browser, or idk, start a Steam game, launch Spotify etc., would this be visible to the employer’s IT?
I have not signed any specific form to grant them such access, nor was it discussed with me. I expected to receive a work laptop and I’m used to having my PC running as well to listen to music all the time, to write a to-do-list on my desktop whenever something comes to mind, and to play games during lunch break.
Obviously, I wouldn’t do any of these things on any work device, be it a laptop in front of me or the desktop PC that I’m connecting to, I just don’t know what exactly to expect from this remote desktop connection and how this might invade my privacy.
Looks like your employer is prioritizing their security and privacy over yours. I’d be asking for a company laptop or a direct remote desktop connection, rather than one that requires a VPN tunnel to be established first.
Your employer wouldn’t see traffic from other devices on your home network, but as others have pointed out, all internet traffic on your machine, when the VPN tunnel is active, would likely be running via your employer’s network.
If you are using a standard VPN client like FortiClient, or a Windows VPN connection, there is a decent chance all your internet traffic on that computer will treat the VPN as the main internet connection and send all your traffic through it. They will probably not be decrypting the traffic. They will know what sites you visit but will not necessarily see what you are doing. That’s about it really. If they have you install any software the potential exists for them to monitor much more.
Edit: Kerio Control looks like your standard enterprise VPN client with some firewall and network security features. Unless they are splitting the work traffic from everything else, all your network traffic will flow through the full tunnel, even when the RDP session is minimized. As long as the VPN is connected, and no split tunnel has been configured, everything goes in and out via the VPN.
It is important to establish boundaries between work and personal life. If you are using your own computer for personal activities while working, keep in mind that those activities should not be accessible to your employer through the remote connection.
Damn. That only applies to traffic of the device that is running the VPN client, right? Not traffic on other devices using the same router at home?
My wife is working at home as well, VPN on a company laptop, and I don’t want this to cause issues about data security and confidentiality on her end as well.
For private PC use I’d rather get a cheap laptop for my remote work, as long as traffic on other devices in the home network isn’t influenced by one laptop connecting via VPN.
It’s not very clear to me in the article, but I hope this data is only gathered while running the program and being connected to the company network. Otherwise this would seem like an absolute no-go.
Just playing devil’s advocate here, they would be able to see netflows for any traffic over their VPN, even if it didn’t have that functionality in the client. Purely looking at VPN router traffic. Next generation firewalls are awesome.
Correct, they get to sniff your computer but they won’t have complete network control. You should make a work account for your computer and only do work stuff on that profile. Do not check personal accounts. Make it a limited account too. Definitely get a computer dedicated for this.
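The full-tunnel versus split-tunnel distinction raised in the replies can be read off the routing table of the machine running the VPN client. The following is an added example, not part of the original thread: it applies longest-prefix matching to constructed route tables, and the interface names, prefixes and metrics are assumptions rather than Kerio Control's actual configuration.

```python
import ipaddress

# Constructed sample route tables: (destination prefix, interface, effective metric).
# Interface names, prefixes and metrics are illustrative assumptions.
FULL_DEFAULT = [            # VPN installs its own default route with a lower metric
    ("0.0.0.0/0", "Ethernet", 25),
    ("0.0.0.0/0", "VPN", 5),
    ("10.20.0.0/16", "VPN", 5),
    ("192.168.1.0/24", "Ethernet", 281),
]
FULL_HALVES = [             # two /1 routes out-match the default without replacing it
    ("0.0.0.0/0", "Ethernet", 25),
    ("0.0.0.0/1", "VPN", 5),
    ("128.0.0.0/1", "VPN", 5),
    ("192.168.1.0/24", "Ethernet", 281),
]
SPLIT = [                   # only the company prefix is routed into the tunnel
    ("0.0.0.0/0", "Ethernet", 25),
    ("10.20.0.0/16", "VPN", 5),
    ("192.168.1.0/24", "Ethernet", 281),
]

def egress_interface(routes, dest_ip):
    """Interface used for dest_ip: longest matching prefix wins, then lowest metric."""
    dest = ipaddress.ip_address(dest_ip)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

def classify_tunnel(routes, vpn_iface,
                    probes=("8.8.8.8", "198.51.100.7", "203.0.113.10")):
    """'full' if all public probes leave via the VPN, 'split' if none do."""
    via_vpn = [egress_interface(routes, ip) == vpn_iface for ip in probes]
    if all(via_vpn):
        return "full"
    return "partial" if any(via_vpn) else "split"

if __name__ == "__main__":
    for name, table in (("default route", FULL_DEFAULT),
                        ("two /1 routes", FULL_HALVES),
                        ("company prefix only", SPLIT)):
        print(f"{name}: {classify_tunnel(table, 'VPN')}")
```

On Windows the real table comes from `route print` or `Get-NetRoute`, captured once with the VPN connected and once without. A VPN default route with a lower metric, or a pair of /1 routes on the VPN adapter, indicates a full tunnel.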