With the recent surge in large numbers of employees working from home, the importance of using a VPN has become a topic within many companies. As a result, the questions of what a VPN is, and what VPNs do, have been getting a lot of attention lately. We’ll try to outline the basics about VPNs here.
A VPN, or Virtual Private Network, is a service that connects remote sites or users together over a public, unsecured, unencrypted network – usually the internet – privately and safely by establishing secure, encrypted connections. It routes data coming from your computer through servers in another location and scrambles it to make it unreadable.
In very simple terms, a VPN connects your PC, smartphone, or tablet to another computer (called a server) somewhere on the internet, and allows you to browse the internet using that computer’s internet connection.
A VPN’s purpose is to connect business networks together securely over the internet, or allow an employee to access a business network from locations outside the office. VPNs are frequently used by workers to access their business’ intranet, including all its local network resources, when they are on sales calls, travelling, or working at home.
Businesses with multiple offices around the country or world, and those with many employees working outside of the office (salespeople for example), need a fast, secure and reliable way to connect to their business's computer network from remote locations and share information across networks. A VPN is a popular technology to accomplish these goals.
Why VPN is Important
No matter where you use your device, you're at risk of a data breach. Unencrypted data is very vulnerable, as is any information that comes through an unsecured browser.
Wireless connections, especially public access points, are particularly vulnerable to cybercriminals or the malicious computer programs they use. This includes places that offer free Wi-Fi, such as airports, hotels, and coffee shops. A VPN can help to protect your computer and your information against threats on these wireless connections.
What a VPN Does
A VPN encrypts data so that an attacker cannot tell what a person is doing online. Essentially, a VPN makes a type of tunnel that prevents attackers and internet service providers (ISPs) from looking at your instant messages, browsing history, credit card information, downloads, or anything else that you send over a network. For the most part, this tunnel cannot be penetrated, and your transmissions cannot be viewed.
The VPN connection is private, and it can make any public network private for those who use them. Also, the VPN can be used on a desktop or any mobile device including laptops, phones, and tablets.
Perhaps most importantly, a VPN protects data. This data includes instant messages, e-mail communications, downloads, login information, and which sites you visit. The VPN alters your IP address, too. This makes it seem like you are using your computer elsewhere, which makes it possible to access sites like Facebook if they are blocked in your country or based on your IP.
Today, the internet is more accessible than ever before, and internet service providers (ISPs) continue to develop faster and more reliable services at lower costs than leased lines. To take advantage of this, most businesses have replaced leased lines with new technologies that use internet connections without sacrificing performance and security.
Businesses started by establishing intranets: private internal networks designed for use only by company employees. Intranets enable distant colleagues to work together through technologies such as desktop sharing. By adding a VPN, a business can extend all its intranet's resources to employees working from remote offices or their homes.
A VPN can keep a computer, smartphone, and any other device that is connected to the internet safe from hackers and malware, while keeping all personal data and communications safe from prying eyes. With cybercrime on the rise, it's easy to see why so many companies are using them – especially during the recent surge in large numbers of employees working from home. The VPN has become an essential tool for companies to protect their data and assets.
VPNs alone are not enough
A properly configured VPN can protect data in transit, but not necessarily the device or the business network to which the VPN is connecting. While VPNs can be an important tool for organizations to use to help protect their remote workers, it’s important to understand they are not without potential risk.
Again, a VPN creates an encrypted tunnel between your computer or network and a server at the VPN provider's location. From there, your data is sent to its ultimate destination. The risk lies during the time your data spends on the VPN provider's servers. Any VPN provider can decrypt your data if they want to, and potentially share it with others.
A VPN provider that allows torrenting or peer-to-peer connections should be avoided. Third-party peer-to-peer connections can allow their clients to install back doors for later use and give them access to network data during the entire time the VPN is active.
For these reasons, it’s important to vet your VPN provider and make sure it’s reputable. Furthermore, you should never use a VPN where you can't control the server. Insist on using a VPN solution that connects remote employees to the organization's server without an intermediate step through someone else's server. By connecting directly to a VPN server that you control, your data is better protected as it never goes through a third party.
The Importance of an Endpoint Protection Platform for Remote Work
Regardless of whether your organization uses a VPN for remote workers, it is essential to have an EDR solution in place on all endpoints across your environment.
IT and security teams have to ensure the security of hundreds of devices - desktops, laptops, and mobile devices that connect to the network. When these endpoints connect to an organization’s network from outside a well-protected, internal network, they create pathways for cyber-attackers to bypass standard security controls.
With large numbers of remote workers, IT and security personnel are overwhelmed with the task of managing and maintaining multiple endpoints with differing levels of security. Complicating the issue is a shortage of cybersecurity professionals. Many IT staff handling an organization’s security lack the training and expertise necessary to meet the challenges presented by endpoint security.
For those reasons, more and more organizations are considering endpoint protection platforms that can identify anomalies that point to potential threats. To learn more about how to set up a strong security practice, check out our white paper, Five Clear Steps to Enhance SecOps.