Most tech savvy business owners know that cybersecurity is key to earning customer trust and succeeding in today’s virtual world. You may have thought you were all set with a firewall, antivirus software, and employee phishing training. But lately you’ve heard a lot of podcast ads about NordVPN and it’s got you asking – does my small business need to invest in a VPN?
Every small business should invest in a VPN (virtual private network), as it’s a simple and incredibly effective cybersecurity tool. VPNs create another layer of protection between cyber criminals and your sensitive data, no matter where or how you and your staff connect to the internet.
Want to know how VPNs protect your business, which devices you should be using them on, and how to choose a VPN provider? Keep reading!
VPNs and You
How Virtual Private Networks Work
A VPN is a simple piece of software that you install on your company devices. This software works in two ways to ensure the integrity and security of your data:
- It creates a secure, encrypted, end to end connection from your device to the internet. Think of the VPN as a digital tunnel that only authorized personnel can use to get from A (company device) to B (the internet).
- Every device that can connect to the internet has an IP address which can be tied to its physical location. Think of the IP address as your home address. The VPN creates a digital P.O. Box which shows up instead of your actual IP address when you connect to the internet with it.
VPNs can be installed on computers, tablets, smartphones, and even smart TVs. The software is usually licensed to a limited number of devices. Learning which company devices to prioritize is key to successfully implementing this threat prevention strategy.
Why You Should Invest in a VPN
To explain why your (and every) small business should have a VPN, let’s look at the two avenues of protection they provide. The way VPNs are designed tells us a lot about the cyber threat they’re meant to protect against.
Protect Your Connections
An end to end encrypted connection to the internet is needed because our society and work culture have become increasingly mobile. Whether you’re traveling for work and trying to stay on top of projects, or simply catching up on emails at lunch in between meetings outside the office, you need an internet connection.
Public wifi networks are extremely vulnerable to monitoring and scraping of data by bad actors. Your email and cloud storage accounts are full of sensitive data ripe for the taking. Even if your favorite coffee shop password protects their wifi, anyone with the password can access the data of anyone on that network who isn’t protected with a VPN.
How VPNs Work On Public Internet Connections
Public wifi networks are so insecure, PureVPN stated that in a recent survey, nearly 70% of hacking incidents occur when you connect to unsecured Wi-Fi networks.
But how do bad actors actually go about getting your precious data?
The most common attack type is called a man-in-the-middle attack, which is when attackers intercept the data being transferred from your device to the internet. At smaller establishments, like your favorite local coffee shop, you may also run into a lack of encryption on the free network or even hotspot spoofing.
There are also tools called network scanners that can find all the devices connected to a particular network and easily find vulnerabilities.
What Types of Venues are Most Dangerous?
By far the most targeted venues are cafes and coffee shops, but airports, hotels, exhibition centers, and in-flight wifi are all places you want to be extra careful.
Even large chain coffee shops, like Starbucks, can be easily hacked since the internet connection is likely managed at a local level, not at a corporate one. While we are sure the higher-ups at a large corporation like Starbucks have guidelines and best practices for internet setup and use, there is a lot of room for human error when you’re working with employees many times removed from those that make the guidelines
In short, if you are using public internet, assume your data is not safe. The extra layer of protection a VPN provides significantly reduces the risk of using public networks on company devices and it’s definitely worth the cost.
Obscure Your Activity
Your IP address may not seem like a valuable or useful piece of information on its own, but it’s a gateway through which bad guys can observe a lot about you. They can follow your browsing habits and your personal patterns. This enables them to launch social engineering attacks against you or your staff using the information they have about your behavior.
Additionally, if your entire small business has had a VPN installed on their devices, it’s impossible for hackers to get a sense of your company’s habits or behavior. This prevents them from spoofing any of your IP addresses to gain unauthorized access to your internal network.
Which Devices Should I Protect?
You should invest in a VPN on devices that anyone does a significant amount of work for the business on.
If your employees work from home, logging on via a remote access VPN is still a much more secure practice.
Plus, even employees who work from home need to get out of the house sometimes. A VPN makes it easier for your staff to work from a different location such as their favorite cafe.
If anyone spends time traveling, it’s even more important to protect your devices with a VPN. Every single public network you connect to increases your cyber risk.
We recommend installing a VPN on all company computers, tablets, and smartphones.
How to Choose a VPN Provider
There are many factors to consider anytime you choose to implement new software company-wide. You should be especially careful when selecting security measures. Being careless in this process could actually compromise data security rather than ensure it.
- Cost: As a small business owner, profit margin and budget are always a concern. A free VPN service might seem appealing, especially if things are tight. Be wary though, as most free VPN services are still for profit companies. They make their money through pesky ads at best, or selling user data at worst.
- Provider’s Home Country/State: VPN service providers are bound to the privacy laws of the country they reside in. When choosing a VPN service, consider the privacy laws where they are located. Find out if they are compliant with your industry and personal standards.
- Provider’s Privacy Policy: While most VPN providers advertise that they don’t keep any logs, it’s better to review the privacy policy in detail. You want to make sure they don’t keep too much of your data. Most VPNs need at least connection logs to provide their services.
- Experience: VPNs are booming right now- which means there are a lot of new providers on the market. Newness in and of itself isn’t an issue, but some providers won’t disclose much in the way of their background or knowledge in the field. That lack of transparency should be a warning.
- Reviews: Online reviews can be really helpful when you’re choosing software, but they can muddle the point too. It’s important to remember that reviews can be biased due to sponsorships. Don’t stop at the testimonials on the company website. And think critically about the sources you find when you Google.
How Next Generation Firewalls Can Help
Your firewall, if it is a Next Generation Firewall, may have a VPN built right into it. This means you would not have to invest in a VPN subscription service like NordVPN. In this case, you have your employees log in via a remote access VPN.
When a team member opens their internet browser, the same rules you have for in office users now apply. You control the policies of all users while they are using business-owned devices, such as enforcing antivirus updates or web reputation filters.
Did I mention it is often included with your firewall? At no additional cost to you! Talk to your IT department or IT managed service provider about setting it up.
We know, all these factors are a lot to consider. If you find yourself feeling overwhelmed, the experts at CloudNexus are available to answer your questions or soothe your concerns. Give us a call anytime.
A Final Word
A reliable VPN is a key component of a robust information security plan. They’re easy to implement and comprehensive in their protection. Every small business owner needs to invest in a VPN.
In order to feel truly safe connecting to the wifi in the airport lounge or hotel dining room, you and everyone else in your organization should do so with the security a VPN provides.
To learn more about other ways you can protect your business, explore the rest of our blog, Plugged In. It’s full of tips and cybersecurity advice for small business owners just like you.