• Security

Before You Need It

  • Written By: Matt Mitchell

Keep work data off personal devices and vice versa.

Compartmentalize work and personal-life devices and data. Often an employer will give you the option to access work email, calendars, and data from your personal device. This may be a laptop or mobile phone. By electing to do this you may be inadvertently signing your device up to an increased level of monitoring, tracking, and remote surveillance. An employer may provide full or discounted internet or phone service to workers. In some cases this makes the employer a part of your account and privy to personal data like bandwidth information, call logs, device location, and even text message transcripts, most of which are of a personal or private nature. Workplaces might offer insurance perks or other benefits for using work-issued fitness trackers or joining work fitness goal teams. Keep in mind that these trackers may be sharing biometrics, location, and other data to your employer. Another phenomenon is that busy workers will use the most powerful device they have access to for work AND life tasks. Realistically, this “best-tech” gravitational pull is irresistible, so it is a good idea to buy a new personal laptop and mobile device that’s better/more powerful than your work-issued ones as soon as possible.

  • Avoid putting personal documents on your work phone or laptop.
  • Avoid putting work documents on personal phones or laptops.
  • Consider opting out of accessing your work email, calendar, contacts, etc., from your personal device.
  • Consider opting out of free work fitness devices and work fitness goal teams.
  • Avoid work discounts on utilities like internet and cell service.
  • If you can afford to do so, buy or keep a personal phone and laptop, so that you do not inadvertently use work devices for personal needs. 
  • Look into the privacy and civil liberty protections and issues related to and technology provided to you.

Avoid using work wifi on your personal device. 

As more and more workers are returning to the office, they also return to work wi-fi. The device that you bring to the network and the apps or sites you use and visit can all be logged. These logs form  patterns of use, revealing unique fingerprints. Think of them as a heat map that shows how much data is used, how often, on what days, during what hours, and on what exact device. When there are changes to these patterns alerts can be flagged, causing automatic additional auditing or monitoring.  

  • Keep personal devices off work wi-fi, even if it’s a “guest” network.

 

Product/company loyalty and pride should have its limits. 

Congratulations on getting through the interview process and getting a job at that tech firm. The feeling of accomplishment can lead to a “group-think” type “employee mindset” that can cause problems for you in the future. Remember that becoming a loyal consumer of the company that signs your paychecks should have limits. Becoming overly reliant on technology or services produced by your employer has the effect of opening up additional data to them, sometimes in ways that are contractual or implied. “Dogfooding,” staff use of a product before its launch, is often highly encouraged or even expected. Give yourself some space from work and work tech. You may love working at the company, but the company has no love to give you in return.

  • Note that the terms of service and privacy terms of company products might be different for employees. 
  • Avoid using company resources to address grievances. If you are not freely choosing and paying for your legal council, conflict mediators, arbitrators, even therapists and counselors, then they may have loyalties to your employer.
  • Having competitor tech available can be handy in the event you realize you are under investigation.
  • Consider challenging the assumption that official channels are just or well-intentioned. 

 

Understand workplace surveillance.

It might make sense to consider your employer-provided hardware hacked. These devices (laptops, phones, printers, and even smart devices) can be implanted with software that acts in ways similar to malware or spyware, from monitoring keystrokes to taking screenshots and even recording ambient sounds. Meetings conducted over video-conference can be implanted with invisible or inaudible watermarks to track who recorded them in the event of a public disclosure. Oftentimes these tools lay dormant until they are activated. You may be a salary worker but your ID card works like a time card, punched in at turnstiles, doors, and buildings, showing where you are and when. Some CCTV casings may not hold cameras, while other devices on the ceiling may contain CCTV cameras despite not looking like them. How can you tell which systems are in place? Oftentimes you can just ask. Folks in legal, HR, and IT might know a lot more about what your company uses. 

Note: Asking legal, HR, or IT colleagues about surveillance systems may result in you ending up on a surveillance list, in the event of a public disclosure.  

  • Log off from and turn off (not put to sleep) employer-provided hardware whenever it is not in use.
  • Make friends with workers in the legal, IT, endpoint protection, and/or cybersecurity departments.

Statement of transparency

This entire project is worthless if the tech workers who come to it cannot trust where the information is from, who is behind its creation, and who manages the site. For that reason, I have identified every organization and individual who has been instrumental in its development.

The time and resources required to put together the Handbook were funded by Omidyar Network. This is a wholly independent project owned and managed by me. No identifying data will ever be collected or shared about who accesses this site — with anyone. That said, I do NOT advise accessing this from a company device. Your employer can, and will likely, track visits to a resource like this Handbook. 

You can find a list of the data WordPress automatically collects about site visits here.

 

— Ifeoma Ozoma, Founder of Earthseed, Creator of the Tech Worker Handbook