Surveillance technology is rampant inside and out of the office. Many employers utilize mobile management products for company-issued devices like phones, laptops, and tablets. These contain programs designed to protect businesses from theft, corporate espionage, or malicious intent.

However, while all this is great for protecting your company, they’re not exactly the best thing for you. It’s no longer a question of if your company is tracking you; the next you need to ask is, how much data can companies actually find? Surprisingly, a lot.

What Can Employers See on Company Wi-Fi and Remote Devices?

Most people don’t realize the extent to which companies have access to their data or how much of it they sign over when using company devices. Here are some examples.

Location

Many employees think that using a Virtual Private Network (VPN) is enough to make their employers believe that they are where they are supposed to be.

While there are ways to hide your real location on a personal device, it is not entirely fool-proof, especially when logged-in to any application or website with a company-issued email address or mobile number.

Related: Who Can Track Your Data When Using a VPN?

It can be close to impossible to hide your real location when using company-issued devices. For example, telecommunication companies can detect when you have connected to any of their roaming partners.

In addition, corporate VPNs are different from commercial VPNs with gateways monitored by internal IT teams.

Notes, Documents, and Emails

If you think no one knows that you’ve been using company Wi-Fi to find your next job, you’re mistaken. Even if you’re not using a company email address, many businesses have programs pre-installed in company laptops that include real-time activity logs, browsing history updates, and timed screenshots of open documents and emails.

On the premise of protecting against possible data breaches, many companies also use these as reporting mechanisms or productivity trackers.

Related: Best Time Tracking Software and Apps

Online Messaging History

Despite the rise of encrypted platforms, the reality is that your messages are not entirely private on corporate devices. When using messaging platforms, companies may not be able to see the exact details of your exchanges but will likely still be able to recognize metadata such file size and type.

With this, if you decide to send PDFs of large sizes through an app like WhatsApp, your company intrusion detection system will likely flag you for suspicious behavior. In line with corporate guidelines, they may ask you to prove your actions were not malicious and may need to request sign-offs from leadership for clearance.

How to Avoid Sharing Personal Data With Your Employer

There is no absolute way to keep your personal information, conversations, and activities completely out of reach at all times. However, there are several ways that you can mitigate the risks.

We don't endorse hiding data from your employers; in fact, they have the right to collect information on their employees—even being able to track you legally. But you need to know when it's appropriate to keep things to yourself, and that depends on individual companies.

Read Company Policies

Before you can argue about data transparency, you must also understand the kind of information that you are knowingly giving your employer by working for them. Only when you know what is expected can you establish the appropriate professional boundaries.

Surveillance Cameras

Aim to understand company data collection policies and procedures before they're collected. From there, you can effectively make a plan to opt-out of providing more information than necessary.

Use Personal Gadgets

While it’s always tempting to use company devices to save money, the reality is, nothing is ever really free. Invest in laptops, mobile phones, and tablets for personal use.

Having separate personal devices is also a great way to establish boundaries, especially when working remotely.

Using your own device gives you the ability to establish and manage the various security practices necessary to keep your data safe from prying eyes. It may seem like an unnecessary expense, but it goes a long way to preserve your peace of mind.

Use Guest Profiles on Personal Devices

Connecting to any network that is not your own is always a security risk, even if it is at work premises. Signing into a company Wi-Fi gives your employer permission to access everything from your messages' metadata to browsing history logs.

If you absolutely need to use your personal laptop on company networks, you can opt to use a guest profile to reduce the amount of data they can access remotely. Alternatively, you may connect with your personal mobile phone’s data plan or portable Wi-Fi device.

Keep Your Passwords Safe

Creating strong passwords isn’t enough. You need to make sure that your passwords do not get saved on company devices. Saving personal passwords for online banking accounts, personal emails, or government websites on gadgets you don’t own puts your data at immediate risk if your company database is compromised.

Use only your personal mobile phone or laptop to access important accounts, especially those where money is involved. Whenever possible, enable two-factor authentication.

Separate Your Work and Personal Life

Employers have the right to access your company-issued device remotely if they suspect you are participating in any form of illegal activity, putting company information at risk, or requested by law enforcement for investigation.

This is different to personal devices, however.

Your security is only as strong as the people you are in contact with—that includes your employer. Keeping your personal and work devices separate is just one step towards decentralizing your data. By practicing strong security measures, you can limit the number of access points hackers have to documents, emails, and networks.

Decentralizing personal data is necessary because it protects you, as an individual, and your company from theft, fraud, and other forms of cybercrime.