VPN stands for Virtual Private Network, which is tech-speak for a secured connection in an otherwise unsecured environment. It’s an encrypted tunnel that allows our devices to communicate safely with our office network while outside the building. Although our small business data should be protected internally from hacking attempts, viruses, malware, and every conceivable form of cyber threat, each device outside our network connecting in becomes a potential attack vector that needs to be secured. That’s what a VPN does.
When we are in the office, everything we do on the internal network should be secured from the outside world. We can easily access our files, reports, databases, software, scanners, printers, and whatever else from our desk. But when we want to connect to these same resources from outside the building, we need to maintain the same level of security.
ANALOGY PLEASE?
Digital security is a two-way process. Both sides of the secure connection need to be similarly encrypted. Let’s say our office is across the street from one of our clients. Coincidentally, ours is on the 10th floor and so is theirs. We can see them sitting at their desk, and sometimes we wave. If we want to email them a spreadsheet from our secure network to theirs, the spreadsheet will exit our network, travel across the insecure internet, and finally enter their secured network on the other side., because their security protocols are different from ours, as they should be, and between our office and theirs is a dangerous world.
It’s as if we left our office, used our keycard to enter the elevator, rode down to the main floor, and walked outside. Then we crossed the busy street to our client’s building, asked their security guard to call upstairs for permission to give us a guest badge, so we could ride the elevator to their floor and hand them a printout. Although the data was safe within our office, how many potential risk points existed on the way to our client?
A VPN creates a tunnel between them and us–an extension of our office (network) boundaries. Using the same analogy, with a VPN, we could walk from our desk to the elevator, down to the basement, through the tunnel, and hand them our printout at the other end where they are waiting to meet us.
HOW VPN WORKS – ABRIDGED
There are numerous VPN types based on the reason you need it, the level of access control required, and how much visibility you want to real-time monitor who is accessing what, from where. But in general, it’s all about an encrypted handshake. However, before we can make the acquaintance, we need to verify our identity.
The VPN software on our laptop or smart-phone creates a hidden and secure connection over the unsecured public Internet to our office network. Prior to establishing the link, both the software and network endpoint must validate our credentials through a series of challenges. While the initial configuration might take a few minutes, most of this process is automated for future logins, except for the final multi-factor authentication step(s).
Once the VPN login authority on our network accepts our identity, it creates the tunnel and immediately treats us as if we’re back in the office sitting behind our desk. Whatever we could do from there, we can now do from wherever we are: access every physical device, every file in every folder, on every server. No one outside the office can see this, but our network admins can as one of the many additional VPN benefits.
VPN VISIBILITY
Another benefit to leverage by using certain VPNs is the ability to see and monitor traffic, which allows admins to track user patterns to discern possible security breaches. The right business VPN solution increases our periphery to see more and react faster. Our network administrators are responsible for protecting our data from human error, malicious intent, hardware failure, and numerous other threats. Tracking employee access through VPN helps mitigate risk by looking for unusual patterns.
Our banks do this all the time. We authenticate into their system from the web or phone app then go about our banking business. But suppose the bank notices an irregularity, such as perhaps, a purchase made in a different time zone than where our activity usually occurs. In that case, they immediately suspend our cards until we can approve the purchase. While this isn’t performed through a VPN tunnel, their immediate reaction to unusual patterns is similar to what our network administrators can do with the right level of access visibility.
Network visibility, in general, offers numerous benefits. Beyond threat assessments, their real-time trend analysis can help determine workflow weaknesses that handicap efficiency, bandwidth clogs that slow response times, and so much more.
WHO CAN SEE YOUR DATA?
There are countless benefits to using a Virtual Private Network. Regardless of your small business size, maintaining a secure connection for remote access to company data is paramount.
Does your office have a Bring Your Own Device (BYOD) policy or at least an unwritten agreement? Are your employees allowed to access company email, project management tools, and files from their personal computers and smart-phones? It’s a great way to reduce infrastructure costs, but it also increases the risk of data exposure from using devices that are not adequately protected.
Where is your data being accessed from? Are your employees checking-in from a local coffee shop, the airport WiFi, or another Public hotspot? If a hidden, encrypted VPN tunnel is not the conduit between them and your network, then your data is available to anyone who wants it.
CONCLUSION:
We’ve covered some of the basics to explain what a VPN is, but you should speak with a full-service IT resource like Consul-vation to determine if it’s right for your small business. They will review your long-term plans, thoroughly examine your technical capabilities and help determine priority steps.
As remote access and telecommuting become more the norm than spending 9-5 in the office, Virtual Private Networks will significantly improve your employees’ capabilities while giving your security team the tools they need to keep your data safe. VPNs can provide unprecedented oversight to monitor activity, measure productivity, and track accountability, among other features. Ask your IT professionals if VPN will support your goals.