Remote work has become an established part of our workaday lives, and it’s not going anywhere soon. This work-from-home explosion means that more employees than ever need access to company resources — including sensitive information and assets — from outside the organization’s network. Against a background of rapidly escalating cyber attacks, companies and security professionals need a robust set of tools and policies for giving employees access to the resources they need to do their jobs, while keeping secure data secure, and malicious actors at bay. A virtual private network (VPN) is a crucial component of an organization’s security posture.
VPNs create a secure access channel to remote equipment. They prevent others from inspecting your traffic so attackers can’t locate your device or the machine you’re connecting to. In a business context, VPNs can guard against information exposure when remote workers connect from outside the corporate network, allowing work activities to continue with a reduced risk of a breach.
Selecting the correct VPN is an important step in hardening your company’s communications. This article will introduce you to VPNs and explain how they facilitate secure remote access.
Remote working with VPNs
VPNs create encrypted communication tunnels between devices that exist in separate physical networks. Data traveling through these tunnels can’t be accessed from outside of the VPN. This boosts your security and provides a degree of anonymity.
The protection you’ll gain depends on the type of VPN you choose — consumer VPNs are less likely to fully secure your data than solutions that are specifically aimed at enterprise use. A corporate VPN service should have undergone more stringent testing and is more likely to offer enhanced control.
Devices in a VPN behave similarly to ones that are physically networked together. Good VPN implementations will provide expansive controls for customizing your network through access controls, DNS settings, subnet routing, and HTTPS certificate generation.
VPNs are designed to protect data while it’s in transit between devices. They can also guard your infrastructure against public network attacks and provide a mechanism for enforcing traffic filtering and blocking rules.
A VPN allows remote workers to securely access servers managed by their organization without making them accessible on the wider internet. These servers could reside in the office, at headquarters in a different country, or in the cloud. In these situations, there are physical network barriers between the users and the data they need.
VPNs also allow simultaneous use of multiple remote assets. Your device joins a virtual network, so it can interface with anything else in that network. A single VPN connection could grant access to an organization’s file server, printers, and databases, with each device and application able to contact the others.
Choosing a secure VPN
VPN tunneling facilitates safe network access for remote working, but not all solutions provide the same depth of security. Here are qualities you should expect a solid VPN to include:
- Security. It almost goes without saying that any VPN used in a corporate setting needs to be secure. Inspect the protocol used by your provider — WireGuard® for example — and research whether it’s been targeted by attacks. It’s also a good idea to investigate the provider itself. Find out where it’s based, its team size, and how long it’s been trading for. A young service that’s already reported some breaches should be a warning sign. Additionally, using a VPN provider that maintains open source code, such as Tailscale, can provide further peace of mind that your network is secure, because the code is publicly auditable.
- Encryption. VPNs use public-key encryption to protect your communications, and different encryption standards are available. The strength of encryption is one of the most important factors when determining whether your VPN can adequately protect your data. The entire VPN solution should be encrypted, including the data passing through it and the management communications between the VPN client and its servers.
- Logging policy. The VPN provider’s logging policy is similarly important when data-sharing alliances apply. VPNs may retain logs about your usage, either due to legal requirements or to aid debugging efforts. Any logs that do exist could be accessed by authorities, including those in other countries. You should choose a VPN provider based on your sensitivity to data sharing, and the level of support required.
- Support. Good support is essential if remote workers rely on a VPN to carry out their day-to-day tasks. You can check social media, blog posts, and review sites like Trustpilot to establish how responsive a provider will be. You can also try contacting the company before you commit — a high-end provider should be happy to discuss any technical queries or concerns.
- Speed. VPNs introduce latency as your traffic has to flow through the VPN provider. Quality VPNs will use efficient protocols and have sufficient resources to keep any slowdown to a minimum, ensuring you don’t suffer productivity losses due to network delays.
- Number of simultaneous users or connections. A VPN that will be used across an entire organization needs to support enough simultaneous connections for all your devices. Most providers cap the number of devices and users you can add to each of their plans. A quality VPN solution will allow an unlimited number of devices on its higher tiers or will have soft limits on lower tiers, giving you the flexibility to create the network you need.
The strength of these qualities often depends on the technology that underpins the VPN. The aforementioned WireGuard protocol, for example, is a premier choice for modern VPN implementations. It’s widely used, regularly audited, and remarkably simple. It presents a small attack surface, runs on all major platforms, and is highly performant. WireGuard-based VPNs like Tailscale also tend to be more responsive as there’s less inherent latency in the protocol.
Risks of a VPN
VPNs enhance remote access security. However, they can’t protect against lax cybersecurity habits. Believing that their environment is fully secured by the VPN, some employees might be lured into a false sense of security and reuse simple passwords, not enable multifactor authentication (MFA), or open attachments from unknown email addresses. Consistent employee education and training remain a fundamental component of securing your network.
Here are some other red flags you should look out for and how to best mitigate them:
- Third-party hacks. A successful attack against your VPN provider could compromise your connections and enable data leaks. The best way to mitigate this is to use a reputable business-oriented provider that has a strong focus on security and compliance. You have to be able to trust your VPN to keep your data secure.
- Careless credential storage. Your VPN credentials need to be saved somewhere on your machine. Storing them using insecure formats such as plain text or an easily accessible local database leaves them vulnerable. More robust VPNs will properly integrate with your operating system to store credentials within your device’s dedicated security hardware.
- Phishing attacks. VPNs don’t defend against every type of cybersecurity risk. Your organization could still be targeted by phishing attacks and other social engineering scams, where employees are tricked into revealing credentials or sensitive corporate information. Regularly training employees on how to spot phishing and other social engineering attacks is essential to mitigating this vulnerability.
- Exposure to malware on devices. VPNs open a tunnel between your device and your organization’s network. While the tunnel is secured against outside intrusion, threats that already exist on your machine or other device could detect its presence and move into your corporate infrastructure. VPNs don’t obviate the need for your servers to be protected by regular anti-malware solutions.
- Slower network performance. This can be a problem for speed-sensitive applications or field work on cellular devices. VPNs always incur a performance penalty, and they can increase your data usage. Although not a security risk, bandwidth restrictions will make it harder to work efficiently. Choosing a high-end business VPN that’s more likely to be fully optimized can reduce these effects. VPNs built on the traditional hub-and-spoke model can also suffer from slower performance, as all traffic must be routed through a central location. By contrast, mesh VPNs, such as Tailscale, enable devices to communicate directly to each other, removing that central bottleneck.
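To make the "Careless credential storage" item above concrete, here is an added example (not code from this article or from any VPN vendor) that audits a WireGuard-style configuration file for a private key kept in plain text and for file permissions that let other local accounts read it. The file name wg0.conf, the sample contents and the function names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def audit_vpn_config(path):
    """Return a list of findings for one WireGuard-style config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        # A "PrivateKey = ..." line means the secret sits in the file itself.
        has_inline_key = any(
            line.split("=", 1)[0].strip().lower() == "privatekey"
            for line in fh
            if "=" in line and not line.lstrip().startswith("#")
        )
    if has_inline_key:
        findings.append("private key stored in plain text")
        # Any group/other permission bit exposes the key to other accounts.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"file mode {mode:04o} lets other accounts read the key")
    return findings


def demo():
    # Constructed sample config; the key is a placeholder, not a real key.
    sample = "[Interface]\nPrivateKey = CONSTRUCTED-PLACEHOLDER-KEY=\nAddress = 10.0.0.2/32\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wg0.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)          # world-readable: the careless case
        loose = audit_vpn_config(path)
        os.chmod(path, 0o600)          # owner-only: better, key still on disk
        tight = audit_vpn_config(path)
    return loose, tight


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```

Tightening the mode to 0600 clears the permission finding but not the plain-text one, which is why the item above favors clients that keep credentials in the device's dedicated security hardware.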
Remote work is more popular than ever in the wake of a global pandemic and a broader shift toward employee autonomy. Organizations need to move carefully though: Allowing users to directly connect to internal infrastructure creates a risk of information exposure. Using a VPN lets you privately tunnel into your corporate network, establish secure communications between devices, and evade prying eyes.
With so much at stake, you should only use VPNs that are marketed for business use and have received external security audits. Tailscale is a VPN solution for homes, home offices, and enterprises that works on any device and installs in minutes. Your secure network is created without any manual configuration or brittle firewall rules. Download Tailscale to get started.
Frequently Asked Questions
VPN technology can be confusing because so many different implementations are available for specific use cases. Here are a few common questions you may have about using a VPN for remote work.
Can I use a consumer VPN for my work device?
Consumer VPNs may have similar features to work-oriented solutions, but they won’t usually be suitable for corporate remote access. A consumer VPN could be slower than a business one and may include more stringent usage restrictions. This can prevent you from adding your full device fleet to your network.
Business VPNs are more likely to have undergone comprehensive security testing compared to their consumer counterparts. They’ll also give you a higher degree of control such as custom routing rules and access control lists. These features help you replicate traditional on-premises networking layouts within your VPN.
Is a free VPN safe for working from home?
Several business-class VPNs offer a free tier, but these are normally intended for small teams and personal evaluation. Most organizations should pay for their VPN to get the most complete features, security, and support. Remember that your VPN could be the barrier that protects your organization from compromise.
Which of my devices should be on the corporate VPN?
You should add all the devices that you use for work purposes, usually those owned or supplied by your organization. If your organization has a bring your own device (BYOD) policy, any personal devices that you routinely use for work should also be added.
It’s also recommended to exclude devices that aren’t used for work from your company VPN. Attackers could access your VPN if a device is lost or stolen, so keeping the hardware count as low as possible shrinks the threat perimeter.
How does a VPN differ from Remote Desktop Protocol (RDP)?
Microsoft’s Remote Desktop Protocol (RDP) is another way to achieve remote access to a computer. The RDP standard is a mechanism for controlling a remote machine over a network connection. RDP provides an encrypted tunnel to the target host, similar to VPNs. But RDP connections are made to individual computers and require you to log in with a user account that exists on the remote machine. VPNs offer a much broader range of features by joining your device to a virtual network.