Yes, employers can see your internet traffic while you’re connected to your company’s Virtual Private Network (VPN). They can see this traffic by virtue of how VPN works. However, it’s unlikely that they see your internet traffic while you’re not connected.
I’m Aaron, a cybersecurity professional with over a decade of experience working in corporate IT departments. I’ve been both a customer and a provider of corporate VPN services.
Let’s dive into how corporate VPN works, which will help illustrate what parts of your home browsing companies can and cannot see.
Table of Contents
Key Takeaways
- A company-provided VPN connection effectively puts you on the company’s internet.
- If your company tracks internet use, they can see what you do on the internet.
- If your company tracks your device use, they can also see what you do on the internet.
- If you don’t want your company to track your internet use, then you should use a personal device without the company VPN to browse.
What Does a Corporate VPN Connection Do?
I covered what VPN is and how it works in the article Can a VPN Be Hacked. You can also watch this excellent video published at the beginning of the pandemic which explains in detail how VPN works.
A corporate VPN connection extends the corporate network to your home. It lets whatever computer is accessing VPN act as if it is on the corporate network.
How does it accomplish that? It creates a secure point-to-point connection between the computer and the corporate VPN server. It does so via a piece of software (the VPN agent) on the computer.
Here’s what that looks like at a very high level of abstraction.
As you can see from the diagram above, when you connect to the corporate VPN, there is a connection on your computer that passes through your home router, to the internet, to the datacenter where the VPN server is located, then to the corporate network. That connection routes all traffic through the corporate network out to the internet.
Can My Internet History Be Seen When I Use a Corporate VPN?
Connecting to corporate VPN is identical to using your computer at work. So if your employer monitors your internet activity at work, then they’re monitoring your internet activity at home while you’re connected to VPN. That covers live use, but what about history?
When you disconnect from VPN, what your employer can see depends on whether they provided the computer or you’re using your own. It also depends on what other software, or agents, they installed on your computer.
Using Your Employer’s Computer
If your employer provided your computer, then they likely manage some of the software on it, like your internet browsers and antimalware. Some of that software sends usage information, or telemetry, back to collection servers.
In that case, the connection (again, at a very high level of abstraction) will look like this:
In this picture, telemetry travels to the corporate network via the red line. Internet traffic, which is the blue line, travels to the internet. If your employer manages the browser on the computer they provided or has other software that captures internet usage when not on VPN, then they can see your internet history.
Using Your Computer
If you’re using your own computer your employer cannot see your internet history, even when you use the corporate VPN, unless you installed Mobile Device Management (MDM) software and your employer tracks internet usage history through that.
Some employers require the use of MDM like Airwatch and Intune because it helps secure your computer and apply corporate management policies. Companies can also use that same MDM software to collect telemetry, like internet usage. They can do that even without a VPN connection being in place.
The abstracted data flow looks the same as using your employer’s computer.
If you don’t have MDM installed and your employer isn’t managing settings on your home computer, then the connection without VPN looks like this:
You’ll see that your computer connects to the internet, but there’s no data transmission to the corporate network. Whatever happens in this state is not captured or monitored by your employer.
FAQs
Let’s take a look at some common questions about this issue and I’ll provide some brief answers.
Can My Employer See My Internet Activity on My Personal Phone?
No, not normally. Most of the time your employer can’t see your internet activity on your personal phone.
The exceptions to that are: 1) you have MDM installed on your phone and it reviews your internet activity, or 2) your phone is connected to the corporate internet and your employer monitors that internet usage.
In those cases, your employer is monitoring telemetry collected by software or their network equipment.
Can My Employer See My Browsing History in Incognito Mode?
Yes. Incognito mode just means your browser isn’t saving the history locally. If your employer collects browsing information from your computer or the corporate network then they can still see what you’re browsing.
Can My Employer Track My Activity if I’m Not Connected to Their VPN?
It depends. If your employer is collecting telemetry from your computer using software Agents or MDM, then yes. If they’re not, then no. How will you know? You might not be able to tell. If you’re using a personal device that doesn’t have MDM, then you can be sure that your employer is not tracking your activity.
Can My Company See My Remote Desktop?
Yes. I’m not going to go into how remote desktop solutions work here, but they’re effectively a computer that sits on the corporate network. So if your company is monitoring internet use, device telemetry, etc. then they can see what happens on that remote desktop.
Conclusion
Your company can see your internet usage live when you use a corporate VPN. In some cases, they can see your internet history from when you browse not on the corporate VPN.
If you’re concerned that your internet browsing may run afoul of corporate policy, then make sure you browse the internet in a way that doesn’t violate that policy.
What are some of your tips for improving your privacy when online? Leave a comment and let us know!