If anything is predictable in life, it’s that bad actors take advantage of bad situations. Case in point, since the stay-at-home orders took effect around the world there has been a huge uptick in phishing attempts. It has become so bad that, depending on the report, the increase has been anywhere from around 350 percent according to Google, up to a staggering jump of 667 percent.
Keeping employees secure and productive, even while they work almost entirely away from the protected environment of the office, is a critical undertaking for any IT department. It involves giving employees the right mix of communication and collaboration tools that work seamlessly at or away from the office, as well as having security tools in place that will keep workers safe, even when using private and public Wi-Fi and cellular connections. Then, of course, there are the other basic things that IT admins should be doing, including advocating for security awareness training so that employees can be more prepared to identify email scams (and stop re-using passwords).
On the technology front, maintaining security for employees is like whack-a-mole. It always has been and always will be a moving target. As soon as advances are made, the bad guys step in to find vulnerabilities. They look for ways to crack or hack the technology through a variety of stealthy means or even via brute force, such as denial of service (DDoS) attacks.
VPNs can help
At this stage we’ve all heard of virtual private networks (VPN). VPNs are cost effective and generally easy to set up. In essence, they provide a secure, encrypted connection that can ‘tunnel’ valuable data directly between an employee’s device and the specific resource, for example a database managed on a corporate server. It’s a trusted and mature technology that was originally designed as a peer-to-peer (P2P) means of communicating between devices back in the late 1990s. And it’s a tool that can still be used today to help keep information out of the hands of would-be attackers.
Keep in mind, however, that a VPN isn’t a panacea. In its simplest form it encrypts the traffic, but it won’t prevent an individual user from falling victim to the aforementioned email phishing scams, or from getting a virus due to risky behavior.
For a more holistic approach to security, a VPN designed with today’s mobile workforce in mind can be combined with a zero-trust architecture, such as a software defined perimeter (SDP). This creates a very effective security platform that is much more context-aware and able to prioritize work-related applications while identifying and denying access to unsafe traffic.
When to use a VPN
To achieve the best security, a VPN should be used as often as possible. Traditional VPNs were either ‘on’ or ‘off,’ resulting in slow or unresponsive networks and applications if all employees were using the existing bandwidth to push their data down a single pipe. Modern VPNs are capable of ‘split tunneling,’ allowing some traffic – such as Office 365 or Salesforce data – to go directly to the Internet, without using limited corporate network resources.
Using a VPN is particularly recommended when using Public Wi-Fi networks, as these can easily be spoofed by bad actors attempting to intercept data as it passes through their device. By encrypting all of the traffic the data remains safe. Even if a hacker manages to grab it, they won’t be able to use it for nefarious purposes.
The best enterprise VPNs are ones that can be implemented with negligible disruption to employees’ existing workflows. In fact, some are so good that they’re virtually invisible to the employee, and can even improve productivity by ensuring that applications stay connected even when the Wi-Fi or cellular signal drops. It’s also important for IT teams to find the VPN solution that employees will actually want to use, rather than trying to find creative ways to switch it off or work around it.
So, long story short, when should employees be using a VPN? All the time. The next question is, how can organizations choose the best enterprise VPN to suit their needs? One of the best ways is to evaluate the VPN from two points of view. First, does it improve the user experience while keeping employees safe? And second, does it provide the ease of use and network visibility that IT administrators demand. If not, keep looking.