Does our organization need a VPN?

Len
What most people don’t realize is that your Internet Service Provider (cable company, phone company, etc.) is keeping logs about you and every device in your household — what websites they visit, online activity, etc. And they sell it to other organizations that collect and aggregate data about each of us. This isn’t conspiracy theory, it’s fact.

A Virtual Private Network should give you and/or the people in your organization/company more confidence that the data transmitted between each device on your network and a remote server/website is encrypted, so in theory your ISP or other actors can’t explicitly see and track your activity.

You may have become used to always looking at the web browser address bar for the https/SSL Certificate padlock (or a “not secure” warning). But that doesn’t mean your ISP isn’t collecting info and tracking you.

Let’s break this down into a few parts:

  1. Need
  2. Provider
  3. Implementation

First, why do you want/need the additional security of using a VPN? Is it because someone suggested it? Do you have confidential info to protect? Will it give you a greater sense of security? Will everyone in your organization actually appreciate the importance and use it?

Second, just because you received an amazing time-sensitive promotional offer doesn’t mean you should rush into purchasing a multi-year VPN subscription. There are hundreds (maybe more) of VPN service providers. Some are good, some are sketchy. You have to do the research. Find out which ones have been audited to prove they are truly secure and don’t store user data. There are stories about VPN service providers that were supposedly the best but were flawed because access to one server location was insecure.

Finally, can you implement it in a way that all your organization/company members will use correctly, without trying to bypass it and defeating the whole purpose? It’s probably best to check what the current ISP offers that could be applied at the router level (as opposed to on individual devices such as computers, cellphones, cameras, etc.). That could be easier for everyone internally if they didn’t have to mess around with managing the connection on individual devices, so less technical support would be required. You don’t want to become the enforcer that everyone resents.

Next Step:

It comes down to whether you think everything that should be private and confidential is not protected as best it can be. Start by trying to educate your users on safer behaviors (e.g., password security, keeping workstations locked, how to detect phishing and social engineering scams, etc.).

If you want to implement a VPN, please do more research. Check out some of the notable tech news sites — keep in mind they may be biased and earn commissions with affiliate links. Consult an IT professional if you need to secure many devices and access points in a large location.

(Not an endorsement) “NordVPN” has served well for some sensitive client work but not for everything. I try to use it as much as possible, but the main reason I don’t use it 100% of the time is that sometimes I’m blocked from accessing important service providers that can detect if I’m using a VPN. So I’m toggling it on/off depending on the purpose.

Ultimately you should do more research, gather some opinions, and try one. There’s usually no long-term commitment.

Again, it’s just my opinion. I’m not an I.T. expert. You might want to get some other opinions on how to implement a VPN with a network.

Good luck!
-Roland

[Disclaimer: I’m not an I.T. expert. This is just my opinion. I get a version of this question frequently because my Clients suddenly receive a time sensitive promotional pricing offer for a random VPN.]