When employees transitioned to remote work arrangements earlier this year to slow the spread of COVID-19, businesses needed a way to securely connect them to corporate networks. Many companies have turned to a Virtual Private Network (VPN) to give their team members access to essential data and applications from anywhere.
That’s reflected by a survey of six prominent VPN providers conducted by TheVPNExperts: All of the suppliers included in the study said the pandemic had resulted in more end users. Additionally, half of them predicted that VPN usage levels would remain elevated even after the current crisis dies down.
However, cybersecurity experts have issued warnings and voiced concerns about potential risks and issues with VPN solutions. If you’re thinking about implementing this type of tech to keep your remote employees connected, consider the following information first.
How VPNs Work
Essentially, a VPN is a private network that uses a public network to connect remote end users or locations, according to Cisco. Usually, your remote employees will rely on this technology to access your company’s Local Area Network (LAN). A VPN solution can benefit your organization in several ways, such as the following:
- Granting remote workers secure access to your corporate network
- Containing costs, compared to a traditional Wide Area Network (WAN)
- Increasing productivity by allowing your team members to work effectively from anywhere
Still, the success you have with a VPN solution depends heavily on which supplier you choose and the implementation of proper security controls.
VPNs and IT Security: Potential Issues and Ways to Combat Them
As VPNs surge in popularity as a way to empower people working from home, security experts have warned that companies must proactively ensure the remote access technology they rely on is as safe as possible, according to the ZDNet article “With everyone working from home, VPN security is now paramount.”
For instance, in March, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) issued an alert about enterprise VPNs, advising that companies using this technology “adopt a heightened sense of cybersecurity.” More specifically, the DHS CISA cautioned that failing to patch and update VPNs on a regular basis and a lack of multi-factor authentication (MFA) for remote access accounts – combined with a potential uptick in phishing attempts by malicious actors seeking to exploit individuals working from home – could lead to breaches.
On top of that, a lack of security controls on the supplier’s side can also lead to issues. For instance, it recently came to light that various free VPN platforms had left their servers open, potentially exposing the personal data of more than 20 million end users, according to the vpnMentor blog entry “Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See.”
Consequently, if your business decides to use a VPN, it’s advisable to avoid the free options and vet the supplier carefully. The DHS CISA also recommends the following mitigating actions, among others:
- Educating your employees on how to spot phishing attempts.
- Using MFA for all remote access accounts.
- Updating and patching your VPN solution (as well as all other remote work infrastructure) routinely.
It’s also crucial to have other cybersecurity solutions in place, such as data loss prevention and endpoint and network Managed Detection and Response (MDR), according to the BankInfoSecurity article “COVID-19 Crisis: How to Manage VPNs.”
An Alternative to VPNs: Zero-Trust Network Architecture
If you want to go beyond what VPN solutions offer in terms of cybersecurity, it’s worth looking into a zero-trust network architecture with a Secure Access Service Edge (SASE). We offer this via our Office Anywhere platform. Instead of giving end users access to your entire network, this approach connects them only to the apps they need to do their jobs, based on their access requirements, device security checks and a determination process. This solution also offers unlimited scalability, the ability to use any device and a single secure end user identity, making it ideal for businesses seeking to accommodate people working from home while still maintaining an optimal security posture.