VPNs, or Virtual Private Networks, come in many forms. Some provide data encryption, and some don’t. While many business leverage VPN technologies to protect corporate information in transit through public WAN services such as the Internet, consumers often leverage VPN technologies for Internet privacy reasons.
There are many VPN services available, both free and commercial. Examples include NordVPN and TunnelBear VPN. These can be easily set up and can hide your information as it passes through the Internet. These services even can help you bypass Web filtering services deployed by your IT team. With all these benefits, why would someone not want to use a service like this?
Looking at VPN services through an IT administrator lens, it makes proper Web filtering and browsing visibility more difficult. Looking at it from the user perspective is a bit different; No calls to IT asking to unblock a Website, and no calls from IT to ask what you’re up to. This is efficient, right?
As a VPN user, are you 100% certain someone managing your VPN service isn’t viewing your data as it’s transmitted? Are you sure your bank account information isn’t being reviewed as it passes through the service? Are you sure the company financial documents you’re transmitting aren’t being intercepted as your computer sends data through a VPN service?
By using a VPN service, you are essentially giving permission to a third-party to intercept all communications between you and any Website or publicly accessible Internet service. You’re placing your trust in that service, including all security measures they have in place.
- For users concerned about company data loss over public WiFi – Leverage VPN connectivity back to your office. If you need all Internet traffic to pass through your office, then consider a ‘full tunnel’ VPN. This is similar to the third-party services, but your organization has control over the service itself.
- For employers – Restrict access to third-party VPN and proxy services. Ensure proper company policies and procedures are in place to educate employees on the risks of these services, and to help prevent them from being used.
- For users concerned about privacy – If VPNs are still desired, keep them at home. It isn’t worth the risk of a data breach or a security incident just to hide from a Web filter.