Read My Latest Cybersecurity Newsletter For FREE By Clicking Here!

Additional menu

Pithy Security | Cybersecurity News

Pithy Security | Cybersecurity News

Can My Company’s VPN See Everything I Do While Working From Home?

By - Get email updates

Yes, if you’re connected to your company’s VPN, IT can see all your internet traffic, including websites visited, file transfers, and application usage. The VPN routes your traffic through corporate servers where it gets logged and monitored just like office network activity.

Pithy Security | Cybersecurity FAQs – The Details

Question: Can my company’s VPN actually see everything I do while working from home?

Asked by: Grok

Answered by: Mike D (MrComputerScience) from Pithy Security.

What Corporate VPNs Actually Capture

When you connect to a corporate VPN, your device creates an encrypted tunnel to company servers. Every packet you send goes through that tunnel first. The company’s firewall, proxy, and SIEM tools sit on the other end logging everything. They see every DNS query (which websites you looked up), every HTTP/HTTPS connection (where you browsed), every file upload or download, and every application making network requests.

HTTPS encryption protects your data from outside observers, but your company decrypts and inspects it using SSL interception. Corporate devices typically have a company-issued root certificate installed that allows this. IT sees the full URLs you visit, not just domain names. If you browse reddit.com/r/jobsearching, they see the specific subreddit. If you upload your resume to LinkedIn, they see the file transfer. Tools like Zscaler, Palo Alto Prisma Access, and Cisco Umbrella make this inspection trivial.

Split Tunneling Changes The Game

Not all corporate VPNs route 100% of your traffic. Split tunneling configurations only send work-related traffic through the VPN while personal browsing goes directly to the internet. If your company uses split tunneling, they only see connections to corporate resources (email servers, internal apps, file shares). Your Netflix binge and personal banking stay invisible.

The problem is you can’t easily tell which configuration your company uses. Most VPN clients don’t advertise this. Some companies disable split tunneling specifically to maintain full visibility. Others enable it to reduce bandwidth costs and improve employee internet speeds. Check your VPN settings or ask IT directly, though asking might flag you as someone concerned about monitoring, which creates its own problems.

Endpoint Monitoring Goes Beyond VPN Traffic

The VPN isn’t your only exposure. If you’re using a company-issued laptop, endpoint detection and response (EDR) tools like CrowdStrike Falcon, Microsoft Defender for Endpoint, or Carbon Black run continuously. These agents monitor everything happening on the device itself regardless of VPN status. They capture screenshots, log keystrokes in specific applications, track running processes, and report USB device connections.

Some MDM (mobile device management) solutions extend this to personal devices enrolled in BYOD programs. Installing a corporate profile on your iPhone or Android device can grant IT remote wipe capabilities, location tracking, and app usage monitoring. The scope varies by policy, but assume any device touching corporate resources has some level of monitoring. Using your personal phone as a hotspot for your work laptop doesn’t help if the laptop itself runs monitoring agents.

What This Means For You

  • Disconnect from the corporate VPN when browsing personal sites or conducting sensitive activities like job searches or medical research.
  • Check if your company laptop has split tunneling enabled by reviewing VPN client settings or testing whether personal sites load faster on versus off VPN.
  • Use a completely separate personal device for private activities rather than relying on incognito mode or assuming corporate monitoring has limits.
  • Review your company’s acceptable use policy and employee monitoring disclosures because legal requirements vary by jurisdiction and some tracking requires explicit consent.

Related Questions

  • 1
  • 2
  • 3

Want Cybersecurity Breakdowns Like This Every Week?

Subscribe to Pithy Security (Cybersecurity news made simple. No ads. No hype. Just signal.)

Subscribe (Free) → pithysecurity.substack.com

Read archives (Free) → pithysecurity.substack.com/archive

You’re reading Ask Pithy Security. Got a question? Email ask@pithysecurity.com (include your Substack pub URL for a free backlink).

You're already here. That means you take security seriously. I'm Mike D., and Pithy Security is where thousands of sharp minds come every week to stay ahead of the threats, breaches, and power moves reshaping the cybersecurity landscape. Security engineers, ethical hackers, IT pros, and everyday people who just want to protect themselves all read every issue because I don't bury the lede and I don't waste your time.

Ransomware, zero-days, AI-powered attacks, data privacy, and the high-stakes politics of digital defense. All of it, delivered without the jargon spiral. If you've been reading on the web, do yourself a favor and subscribe to the full experience below.

I may earn commissions from the affiliate link below. You get real tools that deliver real value. Everyone wins.

# 1 - Pithy Security | Cybersecurity News - The free newsletter that cuts through the breach noise and keeps you two steps ahead of the threat actors. Every issue lands with the 3 cybersecurity stories that actually matter this week, written in plain English without sacrificing depth. Five minutes. No filler. Join thousands of readers who refuse to be the last to know.

# 2 - Galaxy.AI, The All-in-One AI Platform - Why pay for ChatGPT, Midjourney, and three other tools when Galaxy.AI puts every top LLM, image generator, video tool, and ad creator in one place? One account. One flat price. Unlimited creative firepower. This is the unfair advantage your competitors don't have yet.

# 3 - Follow @mrcomputersci on X - Between issues, I'm on X posting real-time security hot takes, AI threat analysis, and threads that go deeper than any newsletter can. If you want to be in the room where it happens, follow along.