Select Page
Office worker’s guide to Internet privacy

Office worker’s guide to Internet privacy

There are a number of reasons why internet privacy can be just as important in the workplace as it is in your personal life, and it’s not all about going on Facebook when the boss isn’t looking. In an era of instant message chats and endless email threads, conversations that might once have been had at the watercooler are increasingly likely to take place in logged, viewable exchanges.

Whether those conversations are complaining about a company policy or discussing personal details that could lead to workplace discrimination, most of us are keen to make sure that private discussions remain just that. But since the computers you use at work are your employer’s property, it’s not uncommon for internet connections to be monitored.

computer desktop in office setting with likely non business content

Around 78% of major US companies admit that they check up on their employees’ emails, browsing history, downloaded files and even online phone calls. With almost two thirds of workers admitting to using the internet for personal reasons during working hours, it’s not entirely unreasonable for employers to be suspicious – but if you’re concerned about snooping, it’s good to know how you’re being watched and what you can do to avoid it.

The rules on snooping

A crucial thing to bear in mind when conversing via your work email address or workplace instant messenger system, is that just as your device belongs to your workplace, so does your email account. So whether you’ve added two-factor authentication to your log-in or set your emails up to be heavily encrypted, it won’t change the fact that someone else is the overseeing administrator of ‘your’ account.

In the US, UK and Australia, employers are legally within their rights to monitor all activity that you carry out on a company-owned device. This is true whether you’re in the office or working from home, and can include the use of personal email accounts on company devices.

In the UK, staff are supposed to be informed if they are being monitored – whether that’s via email, in browsing history logs or otherwise. However, just because your employer is supposed to tell you that they’re monitoring you, this doesn’t mean they have to get your consent. And in practice, notification of web use monitoring is forgotten. In the US and most of Australia, no disclosure is legally required.

The financial sector is thought to be the most vigilant when it comes to staff surveillance, with more than 92% of firms participating in some kind of monitoring activity. The types of monitoring in place include:

  • Keylogging – from actual keystrokes to time spent at the keyboard.
  • Computer file audits – inspecting what is being downloaded to, and stored on, company devices.
  • Email reviewing – according to the American Management Association, an estimated 73% of US companies use automatic email monitoring tools, while 40% have individuals specifically assigned to read and review incoming and outgoing email.
  • Browsing history reviews – generally looking for inappropriate site surfing, from social media to explicit content.

Encrypting browsing data

The simplest way to keeping your browsing history and ongoing activity private is to encrypt your connection, using a Virtual Private Network or VPN. There are various VPN apps suitable for PC and laptop use, and they only take a minute to install. Just make certain you only install this on personal devices (if you use them at the office). [Editor’s note – we also employ a VPN on our equipment when traveling (typically this will require an administrator to install on a corporate device).]

When connecting to the internet via a VPN, in essence you create a secure ‘tunnel’ in which to undertake your activities. If your employer tries to access the browsing history of your particular device, anything you’ve been up to while connected using a VPN will be missing from the list.

As well as keeping your activity private, a VPN can also sidestep access restrictions to certain websites. So if you were trying to access social media, only to find that it was blocked by your workplace network, connecting to a virtual server elsewhere through a VPN client would be one way to bypass the block.

If you connect to your workplace Wi-Fi network in order to browse on a mobile device, it’s wise to install you VPN service there too. In theory, the activity on your personal device shouldn’t end up exposed to prying eyes – but browsing activity sent over an office network can still be viewed by relevant parties who want to know what you’re up to.

A mobile VPN can encrypt your traffic in just the same way as a desktop version, ensuring that if someone does try to see what you’re up to, all they’ll get access to are indecipherable encryption keys.

On and offline

It almost goes without saying that the best way to keep your online activities away from your boss is to steer clear of anything but work-related activity online in the office, and to have private conversations in person rather than over the web. But in practice, this isn’t always feasible.

Keep personal conversations and browsing to your own devices where possible, and secure it all with encryption to ensure it can’t be snooped. It’s also a good idea to familiarize yourself with any workplace monitoring policies that your employer has – as well as informing you of anything that could be deemed to be inappropriate conduct, they’ll also educate you on how you’re being watched.

This article was provided by Tabby Farrar, who works with organizations in a range of industries including VPN security and small business consultancy. If you would like to see more articles like this one, please let us know via your comments.

August Update – ‘Skills new hires should have’

August Update – ‘Skills new hires should have’

What work skills can make you more marketable to employers in 2018?

Change is always constant. So naturally, the job skills that employers look for in new hires change from year to year. It’s one of the best ways for companies to stay competitive and ahead of the never-ending curve. According to Julie Friedman Steele, board chair and CEO at World Future Society “The workplace moves rapidly and employers need workers who stay current.” That means you need to consistently improve your skills and develop new ones.

Many small notes about various business processes

Here are 7 work skills most employers look for –

  • Problem solving
  • Data analytics
  • Social media literacy
  • Creativity
  • Resiliency
  • Good business sense
  • Willingness to learn

This list comes from a good article covering 7 work skills which make you more marketable to employers in 2018. Note that most of these relate to non-technical skills. Those are assumed these days.

(more…)

Tools we use

As 2017 draws to a close, we thought it might be helpful to discuss the tools we use for various activities. These tools are not directly used for web design and development; they help our overall processes. Web Professionals considering freelance work or those working in enterprises may find this list helpful. Obviously, these are the choices we have made; we are not endorsing these particular tools – they just work for us. Your mileage will (and should) vary. We also include a brief overview of why it is important to consider using a tool for a specific task.

  • Accounting – many prefer QuickBooks. Others prefer Freshbooks. Regardless of the tool you use, it is important to keep track of income and expenditures.
  • Advice – mentoring is particularly important when you are starting. Obviously, Web Professionals members are here to help. Additionally, you may wish to consider the Small Business Administration and SCORE. The latter provides free business mentoring.
  • File management – we often work across multiple computers (and need access to files in a variety of situations). We have come to rely on tools such as Google docs, One Drive, Dropbox and similar services.
  • Graphics and video – we have come to rely more and more on Adobe Spark. It is a free tool and provides the ability to rapidly create messages for social media and more.
  • Networking – we should not be working alone; it is important to network with peers. We often rely on Meetup to find local groups with similar interests. Our members also know we use Slack to enhance member to member communication.
  • Password vault – passwords should be long and complex and not reused on various sites. This is why a password vault is so handy these days. If you are not using one, you should be. Examples include DashlaneLastPass, or KeePass (there are other alternatives as well). You only need to remember one password to open the vault and can then copy and paste passwords for a specific site as needed. We also recommend using two factor authentication where possible (see below).
  • Portable Apps – when there is a need to use Windows computers in client locations (or you simply want to take your browser favorites/ bookmarks) with you from computer to computer, we have found PortableApps to be a reasonable solution.
  • Project management – we often use Trello (yes, there are many alternatives). Trello fits with our work flows. We find it easy to share boards, checklists and more with others as needed.
  • Screen capture – we typically rely on SnagIt. However, there are times when using computers while working with clients, we have used Greenshot. The latter also has a zip version (so we can take it with us on a USB drive) along with other portable apps (see above). Yes, you can use the snipping tool (and the Mac equivalent), but tools (such as SnagIt) provide greater control and the ability to rapidly crop and annotate the screen capture.
  • Sharing/ collaborating – we typically use Connect and Zoom. There are many alternatives as well, such as Join.me. The advantage of using these tools (in addition to collaboration) is that you can record your screen (with narration) and use these for training, demonstrations and more.
  • Time trackingToggl is what we use to keep track of time spent on various activities. It is important to measure how much time you are spending on various tasks and projects.
  • Two factor authentication – Passwords are no longer enough to provide access to sites. We recommend using two factor authentication where possible. Google Authenticator, Duo, and Microsoft Authenticator are examples. The SANS OUCH newsletter provided a timely overview of 2 factor authentication recently. Disclosure, I (Mark) am one of the reviewers of that newsletter.
  • WordPress site management – if you are running multiple WordPress sites (and roughly 1/4 of all sites in the U.S. these days are based on this technology), you might want to consider using ManageWP. This is a freemium service offered by GoDaddy. It has a number of useful features in the free version (and you can get site monitoring for a nominal amount per site per month). This can save you a lot of time updating plugins, dealing with SPAM and more.

This is our list of tools that we often use. What did we forget? What tools in the above list do you use? Do you have alternative tools you prefer? Why do you prefer those? We look forward to your comments and further discussions. Let us know if you would like to have a separate Slack channel devoted to tools as well.

Best always,

Mark DuBois

Community Evangelist and Executive Director