Are VPNs bad for small businesses and their remote workers?
Are VPNs bad for small businesses and their remote workers? With the outburst of COVID-19, around 40 per cent of employees ended up working from home. The goto means for these remote workers to connect back to their business has been through Virtual Private Networks, commonly known as VPNs, which were first launched nearly two […]
Table Of Contents
Are VPNs bad for small businesses and their remote workers?
With the outburst of COVID-19, around 40 per cent of employees ended up working from home. The goto means for these remote workers to connect back to their business has been through Virtual Private Networks, commonly known as VPNs, which were first launched nearly two decades ago,
Virtual private networks, or VPNs, are secure networks that help businesses communicate with customers, vendors, and distributors. However, VPNs can be costly to implement, complicated to manage and come with their own risks if not correctly set up or managed. For this reason, small businesses and other businesses that may not have high-level IT knowledge may want to consider more cost-effective and more secure technologies for their remote workers.
Security Risks of VPNs
VPNs are not as secure as most people think or believe they are. VPNs allow employees, contractors and vendors full access to the business networks and servers. Access control lists can limit what the VPN user can gain access to, but this creates an initial setup overhead and complexity to manage on an ongoing basis. For small businesses that may not have IT staff or staff with limited time or capabilities, is this something you can guarantee that will be maintained? How quickly can new users be added for VPN access? Or access granted to new resources on the network? How quickly can departed users have their VPN access removed?
It’s not just about maintaining the access control lists. Hackers are always uncovering new means to breach technology, including VPNs. Regular patching and upgrades of the VPN server and software are needed to maintain the best level of security. Once a new vulnerability has been discovered, it’s publicly shared on the internet. If you do not patch immediately, you open up your entire business network with all your intellectual property to those whose goal is to cause harm. Kaspersky recently identified hackers exploiting an unpatched vulnerability in a well-used VPN.
Many companies have asked users to authenticate to the VPN using some form of multi-factor authentication (MFA). While that increases security, it is still prone to issues such as those seen with the recent Okta security hack that affected companies such as Microsoft, Samsung and others.
Using VPNs requires an initial upfront investment and ongoing resources to maintain access and to ensure security. This is not something to be taken lightly. If you do not have the resources or skills to maintain a VPN, you need to consider alternate connection means for your remote works.
Monitoring VPNs for Malicious Activity
You’re opening up your business network to remote users. You’ll want to record and monitor what is happening over the VPN. Most VPN servers will provide a means to record audit records for what is occurring over the remote connection. These audit records will often contain hundreds of thousands, if not millions of rows of data. It’s common for the audit records to be monitored once a new VPN is installed, but it’s not so common for that monitoring to occur daily.
If you are not actively monitoring activity on the VPN, how will you know if you have suffered a breach? You may only find out significantly after the event by other means, such as being served a ransom request for stolen files. If you do not have the resources to monitor the VPN audit records or the technical knowledge to understand what is occurring on the VPN, is a VPN the right technology for your business?
No Protection from Hackers
Do you allow your employees to access your business network from their personal computers? From their personal phones? You wouldn’t be alone if you did. A recent survey highlights that 39% of workers use personal devices to access the corporate network. If you do allow access, how confident are you that these devices have the correct local security measures installed? Such as anti-virus / anti-malware software that is not only installed but actively maintained with the latest virus and malware signature files.
Connecting a poorly maintained device to the VPN gives free rein for any infectious software on the device to be propagated onto the business network. Now you have an infected employee device and likely many infected servers on the network.
Even with a well-maintained device, your VPN is still ripe for attack. Many employees will take their laptops to the local coffee shop or café and connect to the VPN via these establishments’ free public WiFi network. They are now exposing themselves to “man in the middle” attacks where a hacker will “sit” in between the users’ device and the business servers. Once in the middle, they can intercept, interpret and manipulate all network traffic into and out of the business network.
Increased Complexity and Workload
If businesses want to implement high-security point solutions to protect their security and gain more control over providing remote access to employees and other users, it not only costs but also leaves room for human error or misconfiguration.
The process of setting up, configuring, and administrating the VPN is time-consuming. It is equally stressful for the IT teams. The workload for the IT team increases, resulting in higher costs, more complexity, and reduced productivity. As most businesses do not have a defined policy to formally plan and determine terms and conditions to access the VPNs, the IT staff must monitor all the VPN requests generated by the managers to verify their authenticity.
You’ve seen that a VPN requires significant capital outlay to purchase and correctly set it up in the first place. Many smaller businesses will outsource this work due to a lack of internal skills. But once set up, the VPN can not be forgotten. It requires active monitoring and support every day it is available. But what is the answer, particularly for smaller businesses with limited budgets and limited IT staff and skills?
MiFi hotspots, the modern and secure alternative to virtual private networks.
The bottom line is that remote workers require easy and complete access to the data they need, and it is very much their right to request this. The modern answer is to equip employees with a 5G MiFi hotspot. MiFi hotspots such as the Inseego range of routers create secure connections over the super-fast 5G mobile networks. They are inherently focused on security with advanced encryption built-in, hacker prevention, password protection, guest WiFi networks, remote management, active monitoring, configurable alarms, a traffic monitoring suite and more.
The M2000 is perfect for remote workers who also need connectivity while travelling, given its small size and an all-day battery. Buy the Inseego M2000 here. Alternatively, for those home workers or vendors who need a static connection, the Inseego FX2000e is the solution for them.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.