Since early 2020, there has been a large-scale shift to working from home around the world. This has led to a convergence between personal and work device usage, which in turn has raised online privacy and security issues.
Almost every action you take online through your computers and mobile devices – whether it involves remote working, online shopping, booking a vacation, interacting with friends and family, searching for information, downloading an app or playing a game – leaves a data trail. This data includes personally identifiable information (PII), plus your browsing and shopping history. The most important aspect of online privacy is ensuring that your data does not fall into the wrong hands.
If a data breach does take place, some of the potential consequences include:
In this article, we explore how to protect your personal online privacy in a world where the boundaries between home and work internet and device usage are increasingly blurred.
Working from home means that many of us now use company-issued computers and phones for our personal use. Yet, our work devices may not be as private as we think. For people using company-issued computers or phones for personal use, it is not uncommon to wonder, can my employer see what websites I visit on home Wi-Fi or can my employer see what websites I visit at home?
In theory, employers can install software to monitor what you do on your work-issued laptop or desktop. In the most vigilant workplaces, this may even include keyloggers that track everything you type or screenshot tools that monitor your productivity.
In practice, the extent to which your employer does this is based on two factors:
Even if your every online move is not being watched, it is the case that employers can view files you access, websites you browse, and emails you send. When it comes to internet privacy, it is usually a good idea to assume your work computer is being monitored and act accordingly.
As well as the security risks related to using work devices for personal use, there are corresponding security risks associated with employees using personal devices for work. As employers implement Bring Your Own Device (BYOD) policies, these risks increase. For companies, having employees use their own devices means many different entry points into company systems.
Security considerations include:
Many companies try to mitigate these risks through devising Bring Your Own Device (BYOD) policies, which may include details like:
If your employer has one, it is a good idea to read through your company’s BYOD guidelines to understand the rights of both parties. Look for the policy in various employee materials such as a handbook, contract, training material, or a specific BYOD agreement.
Taking simple steps can make the difference between maintaining your online privacy or losing it. Here are some tips to help you protect yourself and your information online.
It is easy to have a personal folder on your desktop which contains personal photos or personal documents such as tax returns, but it is important to remember that a work device is not your property—it belongs to the company. These files can be easily accessed, not just by the IT team but also by other employees. It is worth noting that some companies use security tools which, if they detect a breach, start wiping files. If your computer gets infected with malware, the security measures taken to try to get rid of problems might remove your personal files, too. Instead, consider keeping a USB wand on your keychain to save any personal data.
Many people access their non-work accounts using their work computers. However, you are exposing yourself to the risk of sharing your personal data with the IT team. Remember, encrypted transactions are not impenetrable. With the proper knowledge and tools, hackers can quickly access your personal data.
As chatrooms like Slack, Campfire, and Google Hangout become increasingly useful for team collaboration, it is easy to use them as though you were having a chat with colleagues. However, those messages are stored on a server and are just as retrievable as emails. It is worth remembering that not only can an employer see what you typed on company chat, but they can also see the entire chat log in detail.
Many employers monitor employee’s internet traffic. Even if your employer does not pay close attention to your browsing habits, it is still a good idea to avoid doing certain personal business – such as working on a second job – on your company’s computer. Treat your work computer like a borrowed computer – which it is. Ask yourself if your employer would be satisfied with the content you are browsing. If the answer is no, avoid using the company’s equipment to do so.
When working remotely, it can be tempting to grab your laptop and log on to free public Wi-Fi. However, places that offer free Wi-Fi, like the neighborhood coffee shop, can open you up to fraud. This is because cybercriminals may set up fake networks that seem like the real thing but are not. To ensure internet privacy on public Wi-Fi, it is a good idea to use a VPN and follow safety tips.
It is HR best practice for employers to be transparent about what monitoring software they may be running. Your employee handbook is an excellent place to look to find out. If your handbook does not contain details, the information is usually easy to find. Such software may not launch on a taskbar, but many are still located within “add/remove programs.” On a Mac, they will show as an application or service. A quick Google search should reveal the software’s capabilities. It is not a good idea to attempt to remove the software, which may draw attention to you.
Remote access software allows others to take control of your machine and is often used by the IT department when providing IT support. Avoid allowing others outside the IT department to take control of your device.
Prevent malware from compromising your work and your employer’s systems by using a good antivirus software solution. A comprehensive cybersecurity program such as Kaspersky Total Security will help detect threats across the board and provide malware protection.
Make sure your programs and operating system are running the latest version to improve their security. Enable automatic updates to secure your systems.
Improve your Wi-Fi security by encrypting your network. If your Wi-Fi requires a password, that is a good start. If not, access your router settings to change this. The default passwords to access router settings can be a weak link in Wi-Fi and network security. If you have never done it before, change your router’s password. An attacker could get access to your devices through the router.
If you are using your own computer for remote work, use a VPN such as Kaspersky Secure Connection to encrypt your data and protect it from prying eyes. When using a VPN, all your internet activity is encrypted. The only thing that your employer can see is the VPN server’s IP address and gibberish impossible-to-crack data. However, bear in mind that:
If you are already using a VPN installed by your own employer:
During online meetings, be cautious when sharing your screen. If possible, don’t leave any windows open that you don’t want to share. You might accidentally share content that is not meant to be viewed by others. The same applies to webcams, where you may risk the privacy of family members in the background.
Posting too much information on social media can make it easier for cyber criminals to piece together information about you. To maximize your online privacy, it is a good idea to:
A strong password is one that is difficult to guess and includes a combination of uppercase and lowercase letters plus numbers and symbols. Avoid using the same password for multiple accounts. It is a good idea to change passwords regularly. A Password Manager tool could help.
Making sure you have a passcode which is not easily guessed to access your phone is a basic step. Being sure to download apps and games only from legitimate app stores is another. Don't jailbreak or root your phone - that can give hackers a way to overwrite your settings and install their own malicious software. Consider downloading an app that can allow you to delete all the data on your phone remotely, so that if your phone is stolen, you can delete your information easily. Stay up to date with any software updates and be careful about clicking on links online, in the same way you would on a laptop or desktop.
An app that requires access to your camera, microphone, location services, calendar, contacts, and social media accounts is a potential threat to your online privacy. As well as being aware of app permissions, consider deleting data, programs and accounts that you don't use anymore. The more programs or apps you have running, the greater the chance that one of them could be compromised.
Phishers attempt to impersonate well-known organizations, such as banks or high-profile retailers, in an attempt to obtain your user credentials, or to deliver malware to your device via suspicious links or attachments in email messages. Avoid clicking on attachments or links from unknown senders or from suspicious looking emails. If you think your account is in danger, go directly to the relevant website by typing the address into the URL bar in your browser rather than clicking the link in the message.
This enhances your online security by demanding a second form of ID verification besides your passwords, such as an SMS code sent to your phone, a fingerprint, or a security dongle/fob that you can plug in via USB.
Since the start of the pandemic, we have all found ourselves spending more time online. This requires vigilance when it comes to online privacy. A useful tool for you to check privacy settings for different platforms and devices is Kaspersky’s Privacy Checker. By following cyber security best practices, you can safeguard both device and internet privacy.