Addressing security when working remotely
Easily the biggest non-negotiable when working from home is security. It’s a given that if an employee logs in from outside the office, they need to do so on a protected connection — not only to protect themselves, but also to keep their company safe from the financial damage and public fallout of cyberattacks.
Often, the answer on how to achieve that secure connection is a VPN. On paper, it seems reliable enough: the IT department sets up the connection, employees connect to it and, voilà, they’re safe.
However, this overview ignores prevalent issues with a VPN. Rather than keep remote workers safe, VPNs tend to give companies only the illusion of total security, making distributed workforces less secure as a result.
Is everyone always connected?
One prominent issue with this setup is that a VPN requires total employee compliance to function: the only way that the connection will deliver security is if workers actually connect to the network. Without that connection, there’s nothing protecting their communications from hackers.
While companies will naturally tell employees never to forget to use a VPN when working from home, there are still cases where company policy won’t translate into action. Suppose, for example, an employee wakes up late and forgets to connect to the VPN as they rush to log in. Or, suppose they need to make a quick VoIP call to a colleague off hours, and don’t feel like connecting to the VPN again.
The fallout from these mistakes can be severe, to be sure. But the problem is that they’re simple, human mistakes, and therefore all the easier to commit when using VPNs.
Not-so up to speed
Neglect is also possible with VPNs because they can drain bandwidth.
Because VPNs create a private network within an existing internet connection and encrypt all files delivered over it, data usage over a VPN increases by 10 to 15%. And for those employees who have a poor internet connection at home, even this much of an increase can be disastrous. While there are ways to improve bitrates in a home office, at the end of the day these methods only do so much.
So if a download is chugging along poorly, or if the quality of a video call drops, it’s going to be very tempting for a smart-working employee to cut off their VPN to compensate (yes, even if the company security standards instruct otherwise).
“All or nothing” protection
But, let’s suppose that all smart working employees use the VPN up to standards. Would that bring total security to a distributed work company?
Not quite. Remember that, no matter how secure you make your private network connection, a VPN is just one layer of protection against hackers and malicious agents. Once it’s breached, hackers have free rein to intercept communications as if they’re part of the hired team. It’s all-or-nothing security at its most obvious, with no real safeguards past that initial connection access.
This means gaining access credentials for VPNs is a veritable gold mine for hackers, as they serve as their express ticket to all your company’s communications. Ironically, using a VPN gives perpetrators of cyberattacks an easy blueprint for attacking a corporate connection.
Do you trust your provider?
It’s far from impossible for hackers to get VPN login credentials, too. All bad agents have to do is go directly to the source: the VPN provider.
Baked into VPNs is the fact that the network provider holds onto all the credentials for logging into the network. Unfortunately, this isn’t always a case of well-placed faith, considering a majority of companies experienced a third-party data breach in 2018. (Consider also that even prominent VPN provider NordVPN themselves suffered a massive data breach.)
Again, given that a VPN setup gives companies just one layer of defense against hackers, this means the provider is effectively the one lone fortress protecting your entire network. If that feels like cause for alarm, it’s worth considering other options.
Looking to alternatives
So, what are those other options?
Rather than routing all company communications through one specially made secure server, it’s more secure and more convenient to just enforce security standards on all communications as they are initially sent. This means including security methods like encryption, private end-to-end channel creation and other protections built directly into the company’s communication platform. That “secure-by-design” approach is explained in more detail here.
Again, as smart work becomes the operative framework for companies, it’s more important than ever to understand the full implications of the security methodologies your company uses and, in the case of VPNs, why it’s wise to seek out alternatives.