written by: Donna Buenaventura•edited by: Linda Richter•updated: 12/7/2010
Are you using Twitter or Facebook or playing online games using the VPN connection by a company you work for? Ever wonder if your employer can access your computer via VPN?
slide 1 of 4
How VPN Works for Employees
Virtual Private Network (VPN) lets you use the Internet connection of a working place, anywhere and at any time. It helps the employees and company to access the data they need when presenting to a potential customer, without having to hunt for wireless connection (public or private). Some employees use the VPN connection to surf the Internet, send and receive personal email messages, chat with friends using Skype, Windows Live, and Yahoo Messenger programs, listen to music, and/or watch videos. This worries the employees, and often we find a common question, “Can my employer access my computer via VPN?"
slide 2 of 4
Can Your Employer Access Your Personal Computer via VPN?
When a person or group is connected to the Virtual Private Network of a business or company, some information on your personal computer (it can be a laptop, desktop, or smart phone) is visible to the host computer. You can access the data or files that you need for work, which means the employer or IT administrator can monitor by logging or recording the connection of any client computers that are using their VPN connection.
An example scenario is when a person is chatting, using a social network for personal use, or playing online games from the computer using the VPN connection. Can your employer find out what you’re doing? Yes, the employer can find out about your activity, in real-time or when they check the activity log of VPN connections using a VPN management console. At the same time, they can disconnect you when they want to.
However, employers cannot access the files on your computer unless any or all of the below scenarios are true:
The files are not secure – Any files and directory in a personal computer can be accessed by anyone in your network, if the files are not encrypted or if the permission is to allow computers in the VPN network to access them.
PC is part of the company domain – The computer is under your responsibility but provided to you by the company, which means computers in a domain may gain access to the files. This depends on the settings, policy, or software that the company may have added or have in use.
Using VPN with desktop sharing software - Some companies do not only provide VPN connection, but include desktop sharing software. Files in your computer may be accessible if such software is installed or in use. An example of such software is Gbridge and TeamViewer.
slide 3 of 4
Securing Your Computer When Using a VPN Connection
Preventing employers or other people and computers (especially attackers and hackers) from accessing files on a personal computer is an easy task. First is to ensure that the permissions for file sharing policies are set to only allow your user account to have access. Use a strong password (see How to check password strength), and then encrypt important or sensitive files.
slide 4 of 4
If possible, do not use Virtual Private Network for business in accessing the Internet or using the connection for personal matters. Most businesses or companies are using content filtering, which means the sites, online service, or some programs may not be allowed to be accessed or used using the VPN connection.
Consult the company’s rules, guidelines, and policies on whether you are allowed to use the VPN connection to surf the Internet during lunch breaks or when you’re not working. Whether it is allowed or not, it is best to use your private network at home or wireless connection to surf the Internet instead of using a VPN network. Some companies use split tunneling that let you switch the connections to use. Log-out from the VPN session and then use a private network. Finally, make sure that your personal computer is malware-free. Rootkits, Keyloggers, Trojans and other types of malware can put the data from your computer and the company data at risk.