OUR SERVICESSERVICESFollow usPREMIUM AREAWhitepaperEventsWebinarCHANNELSNational cybersecurityMalware and attacksRegulations and adjustmentsCorporate solutionsCyber cultureThe expert answersNews analysisAbout usSMART WORKING AND SECURITYHomeCorporate solutionsShare this article
The coronavirus pandemic has in fact imposed the adoption of smart working policies, forcing hundreds of thousands of workers to access company networks remotely: the solution is to adopt a VPN that guarantees the highest level of security at the virtual perimeter of the company. Here are practical tips
12 Mar 2020IPerguido IezziSwascan Cybersecurity Strategy Director and Co FounderThe digital transformation forced by the coronavirus pandemic has forced smart working on everyone and, in fact, to adopt valid solutions to make so-called agile work insecure: one above all, l 'use of a VPN.
VPNs or Virtual private networks, we remind you, help to circumvent the geographical restrictions imposed but, above all, to keep web browsing private and consequently they are increasingly crucial in a period where hundreds of thousands of workers are forced to access corporate networks remotely, perhaps limited by restrictive firewalls.
Topics indexSmart working with a VPN: security issues
Does the adoption of a VPN therefore represent an essential and insurmountable layer of security and privacy?
Not always, because even if the best VPNs add a welcome layer of security to our web configurations, there are just as many VPN applications that expose their users to cyber attacks.
WHITEPAPERNetwork, security and digital workplace: a new model for agile workingNetworkingNetwork SecurityDownload the WhitepaperMany free and mobile-friendly VPNs on the market, for example, use unsafe protocols and record user activities, while even the most popular ones do not can always guarantee to protect their users from the prying eyes of government agencies.
That's why it's vitally important to not only choose the most reliable and robust VPNs available, but also learn how to set them up and run them to their full potential. Otherwise, we could find ourselves in a situation similar to that of users of Fortigate or Pulse Secure, two VPNs that have recently been targeted by criminal hackers.
A recent study of 150 free VPN apps for Android revealed that many of them had serious security flaws and performance issues. 18% of these contained potential malware or viruses, 85% had excessive permissions or features that could jeopardize a user's privacy, and 25% exposed a user's traffic to DNS leaks and the like.
And it's not Android that has the problem, because a parallel study looking at the top 20 iPhone VPN apps produced similar results.
Even more disturbing is the fact that over 50% of the applications were somehow linked to companies located in China, despite its strict ban on the use of VPNs and its notorious Internet surveillance regime.
Much of this data, therefore, was explicitly shared with Beijing.
Security of VPNs: a widespread problem
Some of the best-known VPNs covered in the two studies include applications that have been downloaded over 50 million times, such as Hotspot Shield Free, SuperVPN, Hi VPN, Turbo VPN , Snap VPN, X-VPN and VPN Proxy Master.
Just to name one, Ultrasurf tested positive for potential malware, as well as risky features, such as detecting the last known location of the host device (although the Ultrasurf developers have denied these detections are valid).
In other words:
- A large number of free or low-cost VPNs may do the exact opposite of what we expect from them;
- The most popular VPNs may not be configured correctly.
The danger of fake VPNs
In some cases, a VPN is not simply inadequate, but rather actively harmful. Fake VPN services, especially free ones, can also be set up as honeypots to collect all of a user's data, deliver malware, and spy on people.
Remember: a VPN, in many cases, is only an ISP (Internet Service Provider) that you choose. Once this is done, the developers have access to all your online data.
Of course, it would be bad enough if only free and untested VPNs had serious privacy issues. But the thing is, even when we use a highly reliable and well-developed VPN, we still aren't entirely safe from intrusions into our virtual privacy.
It would be foolish not to think that our ISP can see that we are connecting to an IP address owned by a VPN service and that our software is connecting to ports associated with VPN activity.
The cyber security perspective
If the privacy guaranteed by VPNs can be questioned, what do they bring as a cyber security advantage?
The answer to this question is nuanced and really depends on the type of attack being performed. In general, VPNs face many weaknesses that criminal hackers use to break into networks.
But in a granular way, some attack vectors can easily bypass a VPN, especially if they originate internally.
While popular VPN services like Surfshark, NordVPN, and Express VPN all have built-in encryption protocols and security features, they cannot protect against malware. Instead, users should rely on regularly updated, respected and trusted dedicated programs.
It is important to note that VPNs themselves can also be prone to malware and trojans.
Especially for those using free VPNs on a crowded server, these solutions can actually create additional security issues – they don't help prevent them.
Since these large servers are a big target for hackers, it's important to only use reputable VPNs that offer plenty of support and server space (note: this is almost always a pay-to-use service).
An advantage of VPNs, however, is their preventive security function.
Attackers attempting to steal information in transit (i.e., across our connection) will have an incredibly difficult task to do so with an active VPN.
Some VPNs – such as those that encrypt data using military-grade encryption technology – can act as a significant barrier to criminal hackers attempting to steal information on the go.
So when a person with a VPN connects to a local Wi-Fi hotspot they don't have to worry about malicious individuals stealing your credit card information, passwords, files or anything else. Traffic is routed through a secure and encrypted connection to an external server.
But these systems aren't a universal panacea, VPNs can't stop someone from physically hacking into a computer. They are only useful for securing connections, not for "physical" security. Passwords, 2-factor authentication protocols, and robust identity checks are the primary methods used to safeguard physical servers, computers, and cell phones, and should remain so.
Smart working with a VPN: practical advice
In the light of what has been said so far, we can list some useful tips to put into practice for working remotely using a VPN:
We must not and cannot lower our attention to cyber security issues.
Smart working has effectively changed corporate digital frameworks. Our devices have left the company perimeter. Cyber risk has increased directly exponentially with the number of devices exposed.
An opportunity that criminal hackers can exploit.
WHITEPAPERSmart working in the new normal: from implementation to assistanceFind out moreDownload the Whitepaper@RESTRICTED PLAY CharactersPPerguido IezziTopicsAApplicationsATwo-factor authenticationBBest PracticeCEncryptionFFirewallHHackerPPasswordPPrivacyTtrojanVVPNChannelBusiness solutionsBusiness solutionsTHE PRACTICAL GUIDE