Are VPNs worth it? Three VPN myths debunked!
When it comes to cyber security, most businesses have the basic solutions in place – and by that, I mean firewalls, anti-virus and anti-malware.
However, when it comes to more comprehensive protection, far too few businesses understand the solutions available and often fail to keep up with the changing cyber security landscape.
As cyber criminals use more subtle methods to access business devices and networks to siphon data – such as spear fishing, man-in-the-middle attacks and spoofing – businesses need the protection of more comprehensive security solutions and protocols.
Virtual private networks (VPNs), two-factor authentication, password management software – these solutions are absolutely essential in the current cyber landscape and yet, despite the critical importance of these technologies, they are routinely overlooked.
According to our market research report, less than a quarter of businesses use virtual private networks (22%) and two-factor authentication (21%), while just under a third (32%) use password management software.
The reason as to why these solutions are not used lies in the fact that some businesses just don’t understand how these solutions work or how they protect the business – especially when it comes to VPNs!
Our market research report found that 27% of IT bosses don’t understand the need for a VPN; 23% believe using a VPN will slow down their Internet; and 8% believe a VPN would make remote access more difficult when working outside the office. In this blog, I’ll outline and debunk three VPN myths and highlight why VPNs are worth it.
VPN Myth #1: A VPN isn’t necessary
When more than a quarter (27%) of IT bosses don’t understand the need for a virtual private network, it highlights a gross lack of cyber security education and understanding of current cyber security threats.
Cyber criminals today are much less likely to target a business’ cyber defences directly and instead use more subtle methods. This means that relying on anti-malware and firewalls alone isn’t enough. Man-in-the-middle attacks and spoofing are often the go-to for cyber criminals as they require no real investment and are hard to trace.
Man-in-the-middle attacks are when cyber criminals intercept communication between two systems. This can happen in any form of online communication – email, social media, web surfing – and is incredibly easy for cyber criminals to achieve on unsecured public WiFi networks.
Spoofing, on the other hand, is when a cyber criminal impersonates another device or user on the network in order to steal data, spread malware or gain access to business services, networks or applications. This method is often used to propagate man-in-the-middle attacks.
In both instances, users connecting to an unsecured public WiFi network can encrypt data in transit and keep activities private by using a VPN. A VPN is worth using because it creates a secure connection between the device and the target server, making information incredibly hard to intercept and even if it is, it’s encrypted. The major benefit here is that if employees are working remotely and using public WiFi connections, those connections can be made secure using a VPN, ensuring activities are kept private.
VPN Myth #2: VPNs make remote access more difficult
As per our market research report, 8% believe that VPNs would make remote access more difficult when working remotely – if anything, VPNs make it easier and are worth using.
Without a VPN, employees working remotely will unwittingly expose business data to cyber criminals. This also applies to home networks.
Employees that are not “tech savvy” might not have set up their router correctly. It might not filter certain IPs or media access control addresses (MAC) or even have security encryption keys (WPA, WPA2 or WEP) set up. As a direct result – anyone can connect to the network and any traffic can pass through.
VPNs target these problems by establishing secure online connections. For example, if employees are working off site and using an unsecured WiFi connection, deploying a business VPN would create a secure connection over that network. Any data sent or received will be encrypted and employees can readily access files and services on the business network or cloud.
VPN Myth #3: VPNs drastically reduce internet speed
According to our market research report, almost a quarter of those reviewed (23%) believe using a VPN will drastically reduce their internet speed. This is another concern that businesses have about VPNs.
Of course, while there’s sometimes a minor change in internet speed – it’s not the only factor that influences it.
- Distance to a server
The distance between the user and the VPN server is one of the key factors determining internet speed. If an employee is connecting from the UK but using a VPN server in Australia, it will take significantly longer for data to travel between the two points. The closer the server is to the employee’s destination, the faster the internet speed.
With this considered, employees (if possible) should select VPN servers nearer to their current destination to maximise speed.
- Internet speed offered by the ISP/network
Another thing to consider is the internet speed offered by the Internet service provider (ISP) or the network the user is connected to. Public WiFi networks, for example, tend to be slower in general so the blame cannot lie solely with the VPN.
In addition to this, some ISPs throttle bandwidth deliberately, slowing down internet speed at specific times. Using a VPN, however, users can bypass the speed limits imposed by ISPs.
- Server load
Server load is another common issue experienced when connected to a VPN service. If there are many users on the same server then the connection speed will also be affected.
- Encryption level
There’s a small trade-off between the level of encryption and the speed of the connection. More comprehensive encryption will have a greater impact on connection speed – but it will keep data protected and private.
Lesser encryption will allow for faster connectivity but might not be as reliable as higher levels of encryption.
Currently, the encryption standard is Advanced Encryption Standard (AES) and it comes in different levels of strength: 128-bit, 192-bit and 256-bit encryption. The higher the level of encryption, the more effective and reliable it is.
Ultimately, in order for businesses to be protected against ever-changing cyber security threats, education is necessary. It’s clear from our market research report that there are several IT bosses within businesses that do not understand the current cyber security solutions on the market and how they can be used to improve business cyber security. So are VPNs worth it? Undoubtedly yes – but businesses need to understand how they can be used and develop a culture of cyber security in their workforce.
For a more comprehensive breakdown and in-depth analysis of the current cyber security landscape and how businesses are responding to the current threat climate, download our free eBook: Under Attack: Assessing the struggle of UK SMBs against cyber criminals by clicking here.