Despite the common perception, VPNs aren’t just a tool for surfing the shadowy underbelly of the internet. A VPN is a vital defence against cyber threats for anyone working remotely. Here’s why your staff need one. 

What is a VPN?

In simple terms, a VPN (or virtual private network) allows you to connect to business systems securely while using a public network. A ‘public’ network could be the free connection you get on public transport, the WiFI at your favourite cafe, or even your home internet router.

How does a VPN work? 

The best way to think of a VPN is as a ‘tunnel’, used only by you, between your workplace and wherever you’re working from. 

Rather than using the public network, a VPN routes your traffic through specialised servers and encrypts your data. When you connect to the internet via a VPN, all your data is sent through this encrypted tunnel. This has a couple of key advantages over using a public network:

Greater privacy

VPNs obscure your internet activity from your provider and everyone else. This effectively makes you ‘anonymous’ on the internet. Not only is this great for privacy, but it also means your IP address and location are invisible, making it much harder for cybercriminals to intercept confidential company data. 

Improved safety

An encrypted tunnel is very, very difficult to hack. VPN Mentor has produced some interesting research on the subject and concludes that the only way hackers can break VPN encryption is either through a known weakness or by stealing the encryption key (more on encryption keys here).

Essentially, a VPN is a pretty sure-fire way to ensure your business devices aren’t vulnerable to attacks coming from public networks. 

Why should your business use a VPN for remote working? 

We highly recommend using a VPN if you have employees working remotely, but why? You may be wondering whether it’s really necessary. After all, won’t the existing security on employees’ devices protect them? 

Unfortunately, this simply isn’t the case. If your employees are using public networks or their home router it’s likely to be far less secure than your office network. According to a report from BitSight, home office networks are 3.5 times more likely than corporate networks to be infected by malware. 

There’s also the human element to all this. Research shows that many employees, whether consciously or not, engage in riskier behaviour when working from home. For example, sharing confidential files via email instead of the usual, safer channels. Without the added layer of security a VPN offers, this confidential data could easily fall into the wrong hands.

Why you need a VPN for hybrid working too

If you’re planning on adopting ‘hybrid working’ as the norm post-pandemic, VPNs will be essential to keeping your business safe. 

Picture the scenario, one of your sales team has dropped into a coffee shop on the way back from an important meeting. They like the ambience of the place, so they decide to sit and fire off some emails and run through their sales deck while they sip a latte and munch on a croissant. To do this they need to connect to the cafe’s WiFi, an unsecured public network. 

Seems innocent enough, but on this particular day, a hacker is targeting the customers of this coffee shop. They see that your salesperson is working using the cafe WiFI, and that’s all it takes. In a few seconds, the sales deck and confidential data have been stolen. Your business is facing a choice between a PR nightmare or a hefty bill to get it back. 

How do you set up a VPN? 

The first step is to pick a provider. There are hundreds of VPN providers out there each offers slight variations on the same service. Many businesses stick with the major providers such as NordVPN and ExpressVPN and with good reason, both regularly win tech magazine ‘Editors choice’ awards. 

However, if you’re looking for the highest level of anonymity, smaller providers such as Mullvad VPN that require no payment or contact details could be the way to go. If in doubt, check out Tech Radar’s Best VPN Service 2021 list, it compares most of the major providers. 

Once you’ve picked, setting up a VPN is relatively easy. The set-up process is almost universal among VPN providers so it shouldn’t matter which you choose. We won’t go into exactly how you do it here, but this guide from The Verge covers everything you need to know. 

Want to know more about how to switch to hybrid or remote working safely? Download our guide, Cyber Safety in a New Era of Work here.

Coronavirus has the potential to change the world of work forever.

Unless you’ve spent the last few months consciously avoiding the media, chances are you’ve read that sentence a lot. From morning talk shows to breathless newspaper op-eds, it feels like everyone is talking about the society-wide shift to working from home.

But what started as a necessary evil that many businesses adopted reluctantly has turned into something else. First came announcements from Twitter and Facebook that employees would be allowed to ‘work from home forever’ if they chose. This was followed by a host of other businesses including Google, Amazon, JPMorgan, Captial One, Slack, Salesforce, Microsoft and PayPal extending their work-from-home options.

Why is this happening?

Well, it’s actually very simple. An increasing number of businesses are seeing the real benefits of a more permanent shift to remote working.

Why rent office space for 300 people when you could use a smaller venue for essential meetings at half the cost? Why insist staff make long commutes into the office, when they’re happier and more productive working from home? 

For many organisations, the COVID-19 pandemic has turned these questions from water cooler conversations into key pillars of business strategy. 

If your business is considering making the switch to permanent remote working, are you prepared for the risks you should be aware of? And, how can you overcome them and ensure your people are working safely? 

What risks does working from home present? 

While switching to remote working offers benefits in productivity and real estate savings, it also comes with some risks. Here are a few of the most common. 

Unsecured personal devices 

The first question to ask is: can you be sure your people will follow the same security protocols they would in the office? The networks and security tools your staff use at home are likely to be far less secure than those in the office. Home office networks are 3.5 times more likely than corporate networks to be infected by malware, according to a report from BitSight. 

There may even be a psychological element to this. As ZDNet has reported, 52% of employees believe they can get away with riskier behaviour when working from home. For example, sharing confidential files via email instead of the usual, safer channels. 

Lack of remote-working policies and procedures

Part of the reason employees are exposing themselves to risk at home is simply a lack of knowledge of these risks. The COVID-19 pandemic developed so quickly that many businesses didn’t have time to put in place clear policies and procedures for working from home so employees were literally left to their own devices.

This makes cybersecurity a bit of a guessing game, particularly for the less security-literate of your staff. 

Heightened risk of attack

Cybercriminals are smart but they’re largely opportunistic. And it hasn’t taken them long to figure out that switching to remote working has made businesses vulnerable.

VMWare’s recent Global Threat Report, reveals that 91% of global respondents have seen an increase in cyber attacks as a result of employees working from home. Meanwhile, the proportion of attacks targeting remote workers increased from 12% of all email traffic in March to 60% just six weeks later. 

91% of organisations have seen an increase in cyber attacks as a result of employees working from home.

Keen to exploit our hunger for coronavirus updates, cybercriminals have set up thousands of COVID-19-related ‘news’ sites. These double up as hosts for malware and domain names to launch phishing attacks from. Without the robust controls deployed by most corporate networks, it’s incredibly easy for people working from home to fall into the trap. 

The other area cybercriminals are targeting more regularly is VPNs. VPNs have long been a weak point for cybersecurity. They were only ever intended for small numbers of workers to use occasionally, not whole companies all the time. As a result, many VPNs are insecure and provide cybercriminals with a much wider ‘attack surface’ with which to launch threats. 

Reliance on the Cloud

We talked about some of the potential issues with cloud storage in a recent blog and, while it’s the safest option for businesses, it’s not invulnerable to attack. 

Working from home naturally increases your reliance on the Cloud. And this isn’t necessarily a bad thing. However, cybercriminals are becoming better all the time at breaking through providers’ defences and intercepting data as it moves between employees’ devices and the cloud. 

How can you overcome these risks? 

We’ve tackled some of the risks involved in switching to working from home, so what can you do about it?

Provide clear policies and encourage communication

This is the most important step on this list. If your people don’t know which behaviours are harmful, they can’t correct them. Ensure all security policies for workers are clear and easy to follow. If you don’t have a remote working security policy, now’s the time to draft one.

Alongside this, work to foster a culture of communication. That way, employees will feel comfortable asking for help with anything they don’t understand and reporting anything suspicious to internal security teams. All too often, security mistakes are made because staff feel ‘silly’ raising their concerns. 

Ensure the right security is in place 

Many of the most common threats can be prevented simply by ensuring your people have the tools they need. Check that all corporate-owned or managed devices are equipped with the best security capabilities. Also, make sure that the security best practices you’d use in the office are extended to the home environment. 

Maintain good password hygiene

Set up a password policy and ensure everyone follows it. Employees should always use complex passwords and two-factor authentication, as well as change passwords regularly. 

Make sure software is up to date

Your employees should regularly install updates and patches for the software on their devices, no matter how much they might enjoy not restarting their laptop for months on end. 

Keep it professional

Encourage your workers to keep work devices for work and personal devices for everything else. Limiting the number of sites employees visit can limit the risk of attack. 

Secure Wi-Fi access points

Network gateways are an underappreciated aspect of good cyber hygiene. Most of us don’t think much about our WiFi once it’s up and running. However, changing the default settings and passwords on a router can reduce the potential of attack from connected devices.

Understand the risks

Hopefully, this article has been some help in identifying some of the risks remote working presents. But it can’t be stressed enough that understanding the risks is key to preventing them. IT teams need to identify the most likely areas of attack and prioritise the protection of areas of your business that cybercriminals could do the most damage to. 

Although the switch to working from home comes with difficulties, it’s also a golden opportunity to remould the way your business functions. Alongside, the obvious real estate savings, remote working promises happier employees, more productive work and greener business practices. Don’t let poor cybersecurity stand in the way of your business embracing the future. 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.