3

I work remotely and have to go to Europe for a few weeks in order to deal with a family emergency. I don’t want to explain the situation to my company and I know it won’t affect my work productivity. Will I be able to log into the network/VPN from there, and if so, will it alert IT for a possible security threat? (There are no international branches, only based in the US).

Walter0326
  • 31
  • 1
  • 1
  • 2
  • 2
    We don't know and we can't know. It's possible that they block or monitor certain origins, although I'd guess it's unlikely. Monitoring these types of events would be way down the list of interesting events to monitor. – Volker Aug 02 '19 at 09:24

3 Answers3

4

Only your company can know the answer to that question. However, I would suggest that there is still a firm answer here.

Europe may be blacklisted

If someone at your company wanted to track people connecting internationally, then they certainly can. However, that wouldn't be my concern. My concern would be that I would show up and find myself blocked entirely. I've met many IT administrators here in the US who reflexively block international IP addresses simply because there is no legitimate need to accept international connections, but international traffic still causes trouble. To pick two real life examples, I once watched someone block most of Asia because the Baidu spider happened to be hitting resource-intensive pages on a web server, and I saw someone block large sections of Europe because of automated port scanners coming out of Eastern Europe. For companies that work exclusively in the US, it's not crazy to ban access from other parts of the world.

Here is a question from someone who discovered that their health care provider's website blocks all connections from anywhere outside of the US. I figured it was worth a mention as an example of one (of many) cases where a company restricts international traffic.

You can always try to test it from here

If you can find a VPN with an exit point in your destination country, you could try signing up with that VPN service, using its exit point in Europe, and then connecting to your work VPN. Setting up a double VPN can be a pain (I've never actually done it), but it's still less of a pain than showing up in Europe and having to call your boss because you can't work. You may also find out if they track connections from Europe, if your boss calls you up and asks what's going on.

Summary

As a result, it's possible that you'll show up and find you can't connect at all. It's also entirely possible that you'll show up, have no problems, no one will find out, and no one would care if they did. Unfortunately the only thing that can be guaranteed is that your company could find out if they wanted to, and that they might have already blocked international traffic for reasons completely unrelated to employees like you.

Ultimately only your company can answer this question, and you're going to have to decide which you are more worried about: showing up in Europe, being unable to work, and having to call and fix it, or talking to your company about it.

Conor Mancone
  • 29,899
  • 13
  • 91
  • 96
1

There are many practical and legal gotchas with having an employee of a US-based company working remotely from outside the US, most of which are outlined at https://workplace.stackexchange.com/questions/132796/why-do-remote-us-companies-require-working-in-the-us/.

In keeping with the Information Security theme, there are also physical security issues with taking a laptop or even a smartphone abroad. Many companies have a policy that company-owned equipment, or even personal equipment used for company business (where that is permitted), must not leave the US lest it be confiscated or forcibly searched on return to the US. Customs agents have been known to detain US citizens at the border and force them to provide access to any and all devices they have on their person or in luggage: one such high-profile incident is documented at https://www.theregister.co.uk/2019/04/02/us_border_patrol_search_demand_mozilla_cto/. In these cases they do not take no for an answer and they take the position they are not legally required to provide you access to counsel (because you are in what the ACLU refers to as the "Constitution-free zone"). There are workarounds for this situation but they require your employer to know in advance what you are doing and provide you with "clean" equipment specifically configured for international travel, if you are allowed to do this at all.

So in this case, "it's always easier to ask forgiveness than permission" does not apply. As much bother as it seems, I would consider it imperative that you discuss the situation with your employer before attempting to work remotely from overseas.

Mike McManus
  • 1,415
  • 10
  • 17
0

If your employer uses Office 365 or Azure, they may be subscribed to Enterprise Mobility + Security which includes detection for anomalous sign in behavior from users. If a domestic user suddenly starts signing in from an unfamiliar/overseas IP address, it triggers alarms.

https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security

https://azure.microsoft.com/en-us/features/azure-advanced-threat-protection/

myron-semack
  • 488
  • 4
  • 8