Do companies still need to use a virtual private network, or are VPNs a thing of the past? Discover what IT experts around the nation have to say on the topic.
Virtual Private Network (VPN) solutions are widely advertised but do businesses actually use them? What do the experts have to say about VPN usage? Do they recommend it as a vital tool to keep company information safe or an optional setting that can be used or disregarded at will?
IT MSP experts from various locations weigh in on these all-important questions. Their comments offer a great deal of insight into how VPN technology works and why it’s still one of the best ways to protect your valuable information from malicious third parties.
VPNs are Still Important
Nick Allo from SemTech IT Solutions in Orlando, Florida, notes that it is his company’s standards policy for all mobile users to have a VPN connection. He notes that it’s extremely important for two reasons: one, it enables the company to leverage the power of firewalls to filter out malicious content; two, it ensures employee accountability when staff members access company data from a remote location. In short, it’s a must as it enables the business to control the outcome of any online connection to the office.
Jason Simons from ICS in Houston seconds Mr. Allo’s comments, noting that a VPN is essential to encrypt files and data being transferred from the office to another office or a remote location. He asserts that it should be the corporate policy for remote access for any company, pointing out that workers should not be allowed to create their own encrypted access as “DIY” secure access options such as LogMeIn have vulnerabilities. At the same time, he notes that in some cases, it is possible to skip VPN use if one is using a web-based application protected by HTTPS protocol. Such application options include Microsoft 356 and Citrix web portals.
The Downsides of Using a VPN
At the same time, it’s important to note that a VPN alone won’t protect your company from hacks and breaches. Don Baham from the Kraft Technology Group in Nashville, Tennessee, points out that while VPN solutions are still widely used, they do have their flaws. Perhaps the biggest flaw is that many employees fail to use two-factor authentication when using a VPN. This means that a hacker who manages to steal an employee’s log-in information would have unrestricted access to a company’s data. Mr. Baham’s concerns are well-placed. Recent statistics show that a whopping 83% of all Americans use weak passwords; what’s more, over 50% of Americans re-use the same password for multiple accounts. Without two-factor authentication, a VPN provides little additional security. Typical passwords use a person’s name, the name of one of his or her family members, a pet’s name, or one’s birthday. This information can easily be gleaned from a person’s social media accounts, making it easy for cybercriminals to gain access to corporate information even if it is accessed using a secure connection. Furthermore, as Mr. Baham points out, many VPN solutions are designed for workers on a corporate campus setting and/or those who are using a company-issued device with corporate security controls. As many remote workers use an open network and/or a personal device, companies should use additional security controls to ensure that all traffic to and from the device in question is clean and authorized.
The Final Verdict
Experts agree that using a VPN is a must, and it’s not hard to see why. Cyberattacks are becoming increasingly commonplace and hackers are targeting a wide range of victims. Small business owners, international corporations, financial institutions, municipalities, educational institutions, and even healthcare providers have all been breached by malicious third parties looking for ransom payments and/or sensitive data that can be used for nefarious purposes. A VPN adds an extra layer of protection to your IT set-up by encrypting communications to and from a device, making it difficult for hackers to gain access to data as it travels via the web.
However, a company can’t rely on a VPN alone to protect its valuable data. VPNs, like all cybersecurity solutions, have vulnerabilities. Business owners need to ensure that employees use strong passwords and two-factor authentication to keep remote communications fully secure at all times. Cybersecurity training for staff members may be in order to help employees understand the importance of cybersecurity and know to use the tools at their disposal to keep IT hardware and data safe from attacks. Moreover, a company should do careful research before choosing a VPN for corporate use. Mr. Baham recommends checking to see who owns the product, analyzing the VPN’s privacy policy and ensuring the VPN is easy to use before signing the dotted line. Careful VPN selection, accompanied by best cybersecurity practices, will help protect a company’s network from cyber threats both now and in the future.