More about VPNs
An important aspect of our cyber security awareness training and project implementation is getting people to understand that good governance, compliance and cyber security depend very much on understanding that you need to remain in control of your information.
One of the simplest, but often overlooked ways of maintaining data security is to use a VPN – a virtual private network. That is your own private tunnel to resources on the internet or to resources you depend on that you connect to via the internet.
But not all VPNs are equal
In this article I am looking at VPN services you can buy from vendors. For more information on keeping your company-owned and -operated VPNs secure, you really need to speak to one of our experienced technicians.
Uses for a VPN
Before we continue let’s just list a few of the common uses for a VPN:
- Connecting to a company network/resources/servers from a remote work location – this is the use case I mentioned above and if you need to check that it is secure you need to speak to one of our technicians.
- Connecting to company cloud services such as Microsoft 365 and Google Workspace when working from home.
- Working from a coffee shop or hotel lobby or room – this is one of the most common ways our clients use a VPN. I use my VPN when I travel.
- To connect to country-based services, such as streaming TV, from another country. Now this is one of the most common things mentioned in VPN vendor advertising. Diana (my wife and business partner) has had patchy success when it comes to connecting to the BBC from Spain, even though we have a TV licence – probably “due to the unique way the BBC is funded” (a quote from Jeremy Clarkson). So do not depend on that.
- Banking for the company or personal whilst travelling – this is Diana’s top use whilst away.
- To provide anonymity when browsing the internet. I use my VPN at home and when travelling for this. When I am researching for the articles on Smart Thinking Solutions and for general cyber security reading and research. I would rather that my ISP does not have a record of when and what I looked at.
So when is a VPN not a VPN
The simple answer to this, is if your VPN vendor keeps logs of server activity, anonymity is destroyed because the logs identify what user has connected to what services.
So when the Indian government brought in laws that required VPN vendors in India to keep logs of their users’ activity, the VPN companies were not happy. These logs could then be accessed by various Indian government agencies, removing the anonymity that users had bought, so the vendors have been moving out of India:
VPN Providers Flee India as a New Data Law Takes Hold | WIRED UK
The VPN I use does not keep logs and respects my privacy (Bideaua. 2022).
Deloitte Audit Reviews CyberGhost VPN’s No Logs Policy
Interestingly you can only access the full report if you are a paid-up user of the service, I am and I have, and the research carried out to give this guarantee was extensive.
Top Tips and a few closing words…
To finish here are some of the points I check for when reviewing a VPN service for a cyber security client:
- Anonymity
- Ease of use
- Cross platform compatibility
- Vendor base
I value my privacy and security and that of the companies I work for – that’s why I use a VPN.
Clive Catton MSc (Cyber Security) – by-line and other articles
References
Bideaua, A. (2022). CyberGhost VPN announces completion of Independent Audit conducted by Deloitte. Retrieved November 29, 2022, from https://www.cyberghostvpn.com/en_US/privacyhub/privacy-audit/
Further Reading
Now we are going out again – do not forget your VPN
Do you have a “work from anywhere” policy? We’ll Start With a VPN.
Photo credit Clive Catton (www.clivecatton.co.uk)
