by Joseph Socolof
Contributing Editor

There are lots of blogs about managing cybersecurity during the Covid-19 crisis. And yes, in times of crisis where people are operating outside their standard routines, there is additional risk. The truth is, however,the actions organizations and people should be taking today are similar to what they were before Covid-19: training and awareness, patching, use of Virtual Private Networks (VPNs), etc…

We believe using a VPN represents a high value, easy way to mitigate cyber risks. The use of a VPN is basic hygiene in today’s connected world. By encrypting traffic between client devices and organizational infrastructure, you mitigate much of the risk associated with unmanaged networks. 

VPNs provide encryption of traffic between devices communicating across the internet or other larger networks. While VPNs are widely available and affordable today, not all products provide the same level of security and privacy. Care should be used in selecting a VPN. Cost, simplicity, credibility, accessibility, ubiquity, and mobile capability all play a role in selecting a VPN to use while working from home or the road. 

Selecting the right VPN requires answering a few questions:

Where is the provider based and who owns them? VPN providers are in almost every jurisdiction across the globe. Select those in countries that promote strong consumer protections and clearly state who owns the VPN provider. 

How does the provider’s network latency stack up? By definition, VPNs add additional ‘hops’ into the pathways that data packets flow. This is fundamental to security but could materially slow down business processes (e.g., a video conference between New York and Washington, DC might get choppy if the traffic must first travel through Lima, Peru).

What is their policy for log retention? Using a VPN means the destination of your data traffic is largely masked; however, the provider can still see your traffic requests. Good providers log minimal information and delete any logging of traffic flows on a regular basis so it is inaccessible should the provider be hacked in the future. 

How simple are the installation and patching requirements? The help desk can’t just stop by and log in to home devices. VPNs are security tools but still run software code which needs patching from time to time. Ease of use is critical lest a simple update grind business to a halt. 

How seriously do they take privacy and security? The best VPNs have easy-to-read policies and openly publish their internal security and privacy standards. They are transparent on how they answer requests for information from governments. Finally, they submit to regular security audits and publish the results.

There are many VPNs from which to choose. Our recommendation is that organizations and individuals take the time to select an appropriate VPN. We can help.

Leave a Reply

Your email address will not be published. Required fields are marked *