To gain an insight, Digital Journal connected with Dan Arel, a privacy activist and author. Arel provides five often-overlooked ways people working from home can easily shore up their privacy, including ways to protect themselves from unnecessary surveillance from their employer.
Digital Journal: How extensive is home working? Are we entering a new normal?
Dan Arel: People around the world are now starting to realize working from home may be the new “normal” for some time to come. While many have found this to be relaxing, easier, and perhaps just works better for their already busy schedules in general, it does pose some issues.
DJ: What are the issues relating to employer surveillance?
Arel: We are starting to perhaps become too comfortable with these arrangements and letting our guard down a little. When you’re sitting at your office, it’s hard to forget you’re at work, connected to their network, knowing that if they wish they can monitor your activity or track your time with greater ease.
Yet at home, we start to let those walls down. Sure we’ve been sitting at our computers for hours, but you need a break, you want to read up one some news, or check out the sales happening online as businesses try to retain customers during this pandemic.
Or perhaps you’re not on your work network and you need to send a confidential file to a coworker, so you just send it via email, or a file-sharing site that you found quickly online.
These mistakes are easy to make, but easier to avoid. Below are five simple steps you can do at home to avoid making massive privacy mistakes that not only violate your own personal privacy, but the privacy of your company and which ultimately could cost you your job.
DJ: What advice can you give to employees?
Arel: There are five points to me, which I’ve outlined below
Don’t use your work equipment for your personal life
The best practice here is keeping your work and personal life separate, even if it doesn’t feel as if they are anymore. For many, working from home blurs that line, and we can’t let it. Need to check your bank? Use your personal phone, or your personal computer.
If you’re using a personal computer for work, be sure you’re logged off your company’s VPN if you’re using one. Many companies utilize VPNs to allow employees to login to secure servers, yet that VPN also gives them more access to what you’re doing online.
What you do when you’re not working is not their business and they have no right to have access to that data. Take every step to ensure they cannot track your online activity, even if they say they don’t or won’t. Don’t give them the ability.
You also don’t want to be in a situation where you have confidential work files on your personal computer and either you lose your laptop, or your system is compromised and you’re at fault for not removing those files. If you’re not encrypting your personal hard drive, avoid storing any work files on your computer.
Think privacy when it comes to company files
Need to share a list of clients, or personal information about other employees in a file? Think twice about how you send it. No email provider is exempt from phishing attempts, which makes email a bad way to share secure files. Emails can also be subject to Freedom of Information Act requests inside the U.S. and subpoenaed by governments around the world.
Instead, if you company has a secure server, which is end-to-end encrypted and regularly cleaned of sensitive data, you can use that for sharing files. Otherwise, you can look for secure file transferring services.
Like above, you don’t want to be the person in your office being the point of breach. Ensuring sensitive files are always in a secure location, even during sharing, will help prevent you from being the weak point in the security chain.
Use a private search engine
You’re at home now, you’re on your private network and you’ve maybe already taken steps to bring privacy into your own home. Yet, maybe you use a non-private search engine at work because it’s the default on your browser and you just didn’t give it much thought. Now you’re at home and all your searches are being sent through your IP and much more information is being built about how you are.
Switch to a privacy-respecting search engine such as Startpage to ensure your work life doesn’t get added to your online profile. In fact, leave the private search engine as your default even if/when you do return to the office. What you’re searching for is no business of companies profiting off your personal data, at home, or at work.
Your searches are your business. Are you looking up labor laws to ensure your rights are not being violated? Are you looking at new jobs? This is especially important if you can’t separate your work system and your home system. You could simply be looking up resources to deal with the mental health impact that working from home during a pandemic is causing. Your online activity, or your mental health is your business, not theirs.
Working from home also means many more chats that are had face-to-face are being made on chat apps, either personal or team chats.
Did you know that chat platforms such as Slack or Microsoft Teams can be accessed by your employer if the account is run by them?
For sensitive conversations with co-workers, use apps like Signal or Riot. This can be done to protect client or customer info, trade secrets, but also as mentioned prior, you may be discussing labor violations, or just a much-needed venting sessions about your boss. Your communications between co-workers are private and not the business of your company.
Don’t share passwords to shared accounts via chat or email
A lot of companies have employees who may share access to a single site or service and they only have one password. If you forget a password, you may be emailing a coworker for it, who might reply with the password in plaintext in an email, which is not a secure format..
Instead, use a password manager. Many password managers such as Bitwarden or 1password offer business profiles and allow them to set up shared password vaults. Only employees with permission to access them can use those passwords and have access revoked at any time.
This also allows businesses to use a unique password for every account, meaning if a coworker quits, they can revoke access and easily change just the passwords they had access to rather than every password the company uses.
These are just some of the most common work from home issues I have come across. The ways we communicate, and how much access into our personal lives and homes we allow our employees to have, is up to us. With a few simple steps and tools, we can protect our own privacy, the privacy of the companies we work for and the customers who may rely on our security.