Working Remote: Exactly What Your Boss Can (and Cannot) Monitor

The Illusion of Home Privacy

Remote work blurred the lines between the office and the living room. When you power up your company laptop and connect to the Corporate VPN, your digital environment fundamentally changes. You are no longer on your cozy home network; your data is subject to enterprise-grade oversight.

Many remote workers are terrified of "bossware" (software that tracks keystrokes and takes webcam snapshots). But what if you use a personal laptop to log into a work portal? Can they still see you? The answer lies in network architecture.

Scenario 1: Full-Tunnel Corporate VPNs

If you are required to use a corporate VPN (like Cisco AnyConnect or GlobalProtect) to access work emails, be warned: most use a "Full-Tunnel" configuration. This means 100% of your internet traffic is routed through your company's servers before hitting the open internet.

• Can they see your browsing history? Yes. Your DNS queries go to them. They know exactly how much time you spent on YouTube instead of Jira.
• Can they read your messages? If you use WhatsApp Web or personal Gmail, the traffic is HTTPS encrypted. They can't read the content, but they know you are using those apps.
• Can they see your location? Absolutely. The VPN establishes a handshake with your real home IP. If you secretly traveled to Mexico and logged in, IT will flag an anomalous login from an unexpected country immediately.

Scenario 2: Using a Personal Device

What if you don't use a VPN, but just log into Office 365 or Slack from your personal gaming rig? In this case, your company cannot see your web traffic or install keyloggers. However, they still harvest rich metadata.

Every time you log into a corporate cloud system, your public IP is logged. Combined with Browser Fingerprinting (identifying your screen resolution, OS, and hardware type), IT departments use zero-trust security platforms to build a profile of your "normal" behavior.

"The most common remote work bust isn't from spyware; it's an employee forgetting their VPN is on while browsing job boards, or triggering a geo-fence alert from another state."

The Golden Rules of Remote Work

To keep your professional life and personal life digitally separated, follow these rules:

1. Never mix devices: Work equipment is for work. Personal equipment is for personal use. Never log into personal banking on a managed machine.
2. Understand Split-Tunneling: If your company VPN uses split-tunneling, only traffic destined for internal company servers goes through the tunnel, while regular web traffic goes directly through your ISP. (Ask your IT dept).
3. Run a Sanity Check: Turn on your work VPN and open DCIPCHECK. Look at the ISP. If it says "Microsoft Corporate" or your employer's name instead of your home provider, you are being routed and monitored. Act accordingly.