Are VPNs 100% Secure for Small Businesses?


June 17, 2020

Just like any layer of protection, virtual private networks (VPNs) are not impenetrable. But that doesn’t mean they aren’t essential. A bicycle helmet will crack under enough pressure, but that’s not a good reason to ride around without one or to buy the cheapest one available. 

Secure VPNs are as essential to remote employees as quality helmets are to bike messengers. They provide protection where it’s needed most.

What Protection Does a VPN Offer?

A virtual private network is a tool for hiding your internet activity. It creates a secure and encrypted connection between your computer and a trusted server. Without a VPN, anything you do online is tracked and logged by your internet service provider (ISP)

These logs include a timestamped record of every page you visit and every search that you make. Here’s an example:

If a website doesn’t encrypt its login forms, your ISP would even log a password you submit to a form! ISPs do their best with regard to cybersecurity, but it’s not uncommon for your online actions to be visible to the wrong people.

With a VPN, your computer connects to a trusted server and encrypts all the information you send it. Your ISP sees that there is a connection and data is being exchanged, but nothing else:

  • 2:33 PM Ryan sends [a bunch of garbled data] to [a random IP address]
  • 2:34 PM Ryan sends [a bunch of garbled data] to [a random IP address]
  • 2:35 PM Ryan sends [a bunch of garbled data] to [a random IP address]

This adds an important layer of security when your employees are working remotely. Just imagine that someone from your finance team needs to access files stored on an office server or in the cloud. Would you rather those actions were logged and timestamped? Obviously not.

But like we said, it isn’t a 100% perfect solution.

How Can VPN Security be Compromised?

We talk about threats to VPN security as the three Ps: people, passwords, and protocols. Each one represents a relatively simple risk to security that only becomes a larger problem if it’s not handled by experts.

The first P is people. Your VPN won’t provide an ounce of data security if your remote employees click on links from unverified sources or let their children surf the web on the company laptop. If one of those mistakes leads to a malware infection, hackers can snoop on what you’re doing before the VPN has a chance to encrypt it. Cybersecurity awareness training is vital if you want to prevent hackers from exploiting human fallibility to circumvent your VPN.

Next up is passwords, which everyone knows are important but somehow still neglects. Your people will need to log in to use the VPN and if the password required to do so isn’t unique and complex, it’s just a matter of guesses before that secure connection is jeopardized. Here are nine rules for strong passwords

The last and most difficult element of VPN security is protocols. Not all VPNs are created equal and free options like Hola! actually leave you worse off than using no protection at all. This is where expert IT security services really pay for themselves. You won’t need to decide between IKEv2 or SSTP protocols or even understand what these acronyms mean — a provider like Integris will do it for you.

As long as your people have been trained on cybersecurity basics, they use complex and unique passwords, and an experienced technician is giving your VPN protocols regular checkups, employees working remotely can safely connect to company data.

The 100% Secure Solution for SMBs

Integris provides managed IT services that take the guesswork out of technology planning, implementation, and support. Because you shouldn’t have to learn about topics like VPN security, you should have someone at your disposal to get it done!

If you’re a business owner in Wichita, Denver, Dallas, Bonita Springs, Rochester or Buffalo, we’d love to be that resource for you. Learn more about our services and pricing or email us at [email protected] for more information.

We're Integris. We're always working to empower people through technology.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...