Work VPNs Expose Local Networks: How? - Tech With Tech

Work VPNs Expose Local Networks: How?

Here’s how your work VPN might expose your local network to your employer:

Potentially, your employer can see and interact with every single device on your network if your work computer is connected through a VPN.

In practice, this is hard to do and unlikely, but it’s worth considering.

If you create network segregation, you can ensure that your employer can’t access your personal devices.

So if you want to learn exactly how your work VPN might expose your local network to your employer, then this article is for you.

Keep reading!

What Is a VPN?

You know that you have to use the VPN to do work from home, but what is the VPN actually doing?

Why does it matter?

In technical terms, the VPN creates a secure connection tunnel between your computer and work resources.

Those resources could be servers run by the company.

It could be a simple work network or even a single desktop computer at the office.

There are a lot of ways to set up a VPN, but there’s mostly one reason to do it.

The point is to increase security and privacy.

Without a VPN, it’s feasible that hackers or malicious people could attack your connection and actually steal data from the business.

The VPN fortifies your connection to make such an attack a lot more difficult.

Basically, the VPN is there to increase security and protect data.

It can do other things, but the protection stuff is what most companies care about the most.

How Does VPN Work?

The VPN tunnel is a virtual analog to an actual tunnel.

Think of it this way.

If you’re driving on the highway, people could walk onto the highway from the side of the road.

But, if you’re driving through a tunnel, there are no open sides where someone can access the road.

Your VPN is doing a similar thing for your work connection.

The virtual systems creating the “tunnel” make it so that third-party systems cannot access the communication between you and the work resources.

In other words, the VPN makes it really, really hard for some random party on the internet to intercept communications between you and work.

That’s really important for protecting sensitive information.

What Can an Employer See? (3 Things)

Ok.

You have a VPN connecting your work computer to the stuff at work.

It’s increasing security and privacy.

That’s all fine.

But, what can your employer actually see through this connection?

That’s a big question with even bigger answers.

The thing I want to really impress upon you right now is that what is possible does not necessarily reflect what is actually happening.

It’s possible to see a lot of different things through the VPN connection, especially with the use of additional software.

But, it’s pretty uncommon for employers to look at much outside of how you use the computer for work.

Most employers don’t really want to know more about your home life.

So, to be thorough, I’m going to take you through the possibilities—as many as it makes sense to cover.

After that, I’ll explain how your employer can see things on your network.

After that, I’ll show you how you can control what they see and take your privacy into your own hands.

#1 All Network Devices

The first thing to understand is that with a VPN connection, your employer can potentially see every single device connected to your home network.

Even if that sounds scary, you’re probably underestimating just what this means.

They can see the computer that you use for work.

They can also see your personal computer that you don’t use for work.

They can see your phone that’s on the Wi-Fi.

They can spot your tablets, smart TVs, smart TV attachments, and smartwatches. 

They can find your smart thermostat (like a Nest), connect with your Wi-Fi-enabled garage door opener, talk to Alexa on your Amazon speaker, and even communicate with your camera doorbell (like a Ring device).

If it connects to your network on any level, they can potentially see it.

#2 IP Addresses

Your employer can also see specific information tied to all of the devices on your network.

They can see your physical IP address, the IP address for devices on your network, and even MAC addresses.

I’m glossing over what all of these mean, but each is a specific serial number attached to specific information used for specific purposes.

In general, these are all numbers that are used for networking, which is a big part of why your employer can potentially see them.

Now, normally you only care about people accessing these numbers because they can be used to hack systems.

Since most of us aren’t concerned with our employers trying to install malware on computers or run us through a scam (at least, hopefully you don’t have to worry about that), it doesn’t usually matter that your employer can access this information.

#3 Data

Data is much more concerning.

Since the VPN is connected to your network, it can be used to see the actual data that goes across the network.

This includes browsing histories, downloads, and uploads.

As a quick note, it’s not particularly easy to use a VPN to see this information on devices other than your work computer, but technically, there are ways to do it.

So, your employer can see what movies you stream, what things you download to your devices, what games you play, and more.

Again, it’s not likely that they’re looking at this stuff on anything other than the work device, but there are ways to do it.

How Do Employers See These Things? (2 Ways)

Before you let this information drive you too crazy, we should talk about how it all works.

When you understand why it’s potentially very difficult for your employer to spy on you too hard, it might provide a little peace of mind.

Here’s the gist of what’s going on.

The VPN tunnel allows your computer to connect directly to a computer or server at work.

This tunnel allows traffic in two directions, so the work devices can see communication that goes to and from your work computer.

If you have multiple devices on your home network, then your work computer can communicate with those devices.

At the very least, it can see those devices.

Because of this, the VPN tunnel can be used to see these communications too.

Now, at this point, we aren’t talking about literally reading files or downloads.

Instead, the VPN allows your employer to see the network that you connect to, and that comes with network-related information, like which other devices are connected.

From here, it takes more than just a VPN to see some of the things I mentioned above.

#1 Additional Software

Ok.

The VPN grants access to the network, and it allows your employer to communicate directly with your work computer.

It’s also possible that your employer uses additional software to monitor behavior on the work computer.

They might do this to see how much work you actually do in a day.

They might do it just as an extra security measure to watch out for viruses or other bad things on the computer.

Plenty of workplaces would consider allowing remote access through the VPN so tech support can remotely fix things on your computer for you.

Regardless of the motivation, this type of software gives your employer a lot more access to your home network.

Because they can effectively control your work computer remotely, they have the ability to see absolutely everything that your work computer can see.

If you have home sharing or similar networking tools enabled, then the remote connection allows the employer to see shared files and shared devices.

They can even potentially browse your other devices from the work computer.

And, if you’ve set things up so that your work computer can directly control other devices (which is super convenient in a lot of situations), then your employer can use that setup to remotely control those devices too.

It’s a lot of potential power.

#2 Why Access to the Network Is Hard

But in case you missed it, there are a lot of “ifs” in the above section.

Your employer can only see these things if the other devices are on the same network, if you have some type of sharing system in place, or if your work computer is set up to remotely control other devices.

Without those ifs, your employer sees a lot less.

They can see information on the work computer, and they can see which devices are shared on the network with the computer.

In all, it’s not much information where your personal devices are concerned. 

But, they can probably see absolutely everything you do on the work device.

Don’t forget that part.

What Can You Do About Your Privacy? (4 Options)

When you keep the “ifs” in mind, the way to control your own destiny is pretty clear.

Do things that break up the ifs, and your employer has a lot less access to your devices and information. 

With a few privacy tips, you don’t have to hope that your employer isn’t spying on you.

You can make it functionally impossible.

#1 Use Network Privacy Settings

The easiest thing you can do is adjust network privacy settings. These settings exist on every device, and the exact steps depend on the type of device.

Windows, macOS, iOS, and Android all have different ways to do this, but you can implement these settings on all of them.

With network privacy settings, you can make it so that a device is not “discoverable” on your home network.

This means that other devices can’t directly communicate with it, even though they’re all on the same network.

If you’ve ever hopped onto Wi-Fi at an airport, hotel, or coffee shop, you might have seen a notification about this type of setting.

Your device recommends that you not be discoverable on a public network.

You can basically treat your work network as a public network.

Implement the privacy setting, and then the work computer won’t be able to see your other devices, and that breaks the chain right there.

Privacy is restored.

#2 Create Groups

The problem with the above tip is that it gets rid of some very convenient features.

It’s nice when you can use your phone as a remote to control the smart TV.

Life is easier that way.

So, if you want to have all of these sharing features while still keeping a layer of privacy between personal and work devices, then network groups are your friend.

Again, the steps vary by system.

The general idea is that you can create a group of devices that are allowed to see and talk to each other.

The group is made exclusive, though, so other devices on the network can’t join in unless you give them express permission.

One of the most thorough ways to control these permissions is with MAC filtering, which I’ll explain a little later.

To help make this a little clearer, this is something known as a HomeGroup in Windows, and it has similar names on other platforms.

You can walk through the steps to create the group, and make sure it excludes the work computer.

#3 Use Multiple Networks

If groups feel a little complicated, you can also create completely separate networks to use for home and work.

The good news is that this does not mean you have to pay for a second internet connection from your internet service provider.

There are essentially two ways to do this.

If you have a dual-band router, you can set it up so that the two bands do not communicate with each other.

You put the work computer on one band and everything else on the other band.

This separation means that the work computer can’t talk to your other devices, and you don’t have to worry about group sharing and other networking systems.

There’s a clear line of segregation.

But, this is not ideal if you’re ever up against your bandwidth limits.

If using all of your devices at the same time makes the internet feel slow, then scrap this idea.

Instead, you can just set up two different routers.

Again, they can plug into the same modem, so you don’t have to pay for more internet service.

Each router will run its own network, so you put the work computer on one of them and everything else on the other.

Because you have separate routers, this is less likely to slow down your internet experience.

There is one thing to watch out for.

There are routers that are designed to work in tandem with each other.

They can automatically identify each other and connect.

The idea is that they can extend the range of your Wi-Fi by putting the routers in different locations.

You don’t want this for network segregation.

So, make sure your two routers either can’t do this or aren’t allowed to do it in the settings.
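
One way to check the separation from the work computer itself, as an added example that is not part of the original article: run `arp -a` on the work computer and look for any neighbor other than its own router. The sample output, the addresses and the gateway IP below are constructed values.

```python
import ipaddress
import re

# Constructed sample: `arp -a` output captured on the work computer (Windows format).
SAMPLE_ARP = """\
Interface: 192.168.50.23 --- 0x7
  Internet Address      Physical Address      Type
  192.168.50.1          a4-2b-b0-00-00-01     dynamic
  192.168.50.40         3c-22-fb-10-20-30     dynamic
  192.168.50.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Matches "IP  MAC" (Windows) and "(IP) at MAC" (Linux/macOS) entries.
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9a-fA-F]{1,2}[:-]){5}[0-9a-fA-F]{1,2})"
)

def normalize_mac(mac):
    """Return the MAC as lower-case, colon-separated, zero-padded octets."""
    return ":".join(f"{int(octet, 16):02x}" for octet in re.split("[:-]", mac))

def unexpected_neighbors(arp_text, gateway_ip):
    """List (ip, mac) neighbors other than the gateway, skipping broadcast/multicast."""
    found = []
    for ip_s, mac_s in ENTRY.findall(arp_text):
        mac = normalize_mac(mac_s)
        group_bit = int(mac[:2], 16) & 0x01  # set on broadcast and multicast MACs
        if ipaddress.ip_address(ip_s).is_multicast or group_bit or ip_s == gateway_ip:
            continue
        found.append((ip_s, mac))
    return found

if __name__ == "__main__":
    # With working separation the list is empty: only the router is a neighbor.
    for ip, mac in unexpected_neighbors(SAMPLE_ARP, "192.168.50.1"):
        print(f"work computer can see {ip} ({mac})")
```

`arp -a` only lists devices the computer has recently exchanged traffic with, so an empty result supports the separation but does not prove it.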

#4 MAC Filtering

The last thing I’m going to mention is MAC filtering.

This is a special network security feature that can help you ensure that the work computer is properly isolated.

You can use this with any of the segregation techniques I mentioned above.

Here’s how it works.

Every device has a specific MAC address.

This is a serial number that is assigned when the device is manufactured, and it can’t really be changed.

When you use MAC filtering, your group or network will deny access to any device unless you manually enter the MAC address to approve the device.

So, if you enable MAC filtering, you’ll have to manually enter the number for every device you want on the network or in the group.

As long as you don’t enter the work computer, it can never talk to your other devices, and your employer won’t be able to spy on you via the work computer.
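
The allowlist decision described above, as an added example that is not part of the original article. It also flags approved addresses that have the "locally administered" bit set, which is how private (randomized) Wi-Fi addresses on phones and laptops appear; such an entry can stop matching when the device presents a different address. All device names and addresses are constructed values.

```python
import re

def parse_mac(text):
    """Parse a MAC typed with ':', '-', '.' or no separators into 6 raw bytes."""
    digits = re.sub(r"[-:.\s]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_locally_administered(mac):
    """True for unicast addresses with the 0x02 bit set in the first octet.

    Factory-assigned addresses have this bit clear; private/randomized
    Wi-Fi addresses have it set.
    """
    return bool(mac[0] & 0x02) and not (mac[0] & 0x01)

def audit_clients(allowlist, clients):
    """Return {device: verdict} as a MAC allowlist would decide it."""
    allowed = {parse_mac(entry) for entry in allowlist}
    report = {}
    for name, mac_text in clients.items():
        mac = parse_mac(mac_text)
        if mac not in allowed:
            report[name] = "deny"
        elif is_locally_administered(mac):
            report[name] = "allow, but address is randomized and may change"
        else:
            report[name] = "allow"
    return report

# Constructed sample values: the allowlist as typed into the router, and the
# addresses the devices present (each in the format its own tool displays).
ALLOWLIST = ["3C-22-FB-10-20-30", "da:a1:19:44:55:66"]
CLIENTS = {
    "smart-tv": "3c:22:fb:10:20:30",
    "phone": "DAA1.1944.5566",
    "work-laptop": "a4:2b:b0:00:00:17",
}

if __name__ == "__main__":
    for device, verdict in audit_clients(ALLOWLIST, CLIENTS).items():
        print(f"{device:12} {verdict}")
```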

That’s pretty much it, but I’m going to say this one more time for emphasis.

All of this advice prevents your work computer from spying on your personal devices.

None of it stops your employer from seeing what you do on the work computer itself.

That’s a whole different conversation.