Is your business VPN provider trustworthy?
When it comes to using a virtual private network (VPN) service offered by a third-party, trust is key. You need to be certain that the VPN service provider you work with doesn’t log data, follows data retention laws, is established and respected in the community and has the right technology in place.
Without any of the above, can you really trust your VPN provider?
If you’re here because you are concerned about the trustworthiness of your current solution, you’re in the right place. In this blog, we’re going to outline just what you need to address in order to determine how safe and secure your VPN actually is.
1. What’s your service provider’s data logging policy?
As you know, businesses use VPNs to ensure privacy online. By using a VPN, you can encrypt business-critical data in transit and ensure employees remain anonymous.
But while online activities are shielded from cyber attackers looking to eavesdrop, what about the logs stored by your VPN service provider?
It’s a real sticking point. Some VPN service providers claim to log no data whatsoever, but upon further inspection of inbound and outbound traffic it becomes apparent that they do.
The fact is, almost every VPN provider will collect and store some kind of data – but it’s often difficult to work out just what data that is due to convoluted data logging policies.
What this often means is that you – and your team – might not be getting the privacy you think you’re getting. If you haven’t taken the time to carefully assess your current VPN provider’s data logging policy (and actually test that policy), there’s no guarantee that your information is truly private. Again, can you trust your VPN provider?
Of course, your VPN provider may have made claims about never passing the information on to a third party, but what if the choice isn’t theirs to make? What if they are subject to a cyber attack and suffer a data breach?
When it comes to data logging policies – you want to work with a VPN service provider that doesn’t log any data relating to:
- The sites you visit
- The content you look at
- What you do on websites
- Identifiable information (IP address etc.)
At the most, the provider should just log information for compliance and device management, i.e. who is or is not using the VPN, connection times and duration of connections. In other words, information that can only be used to gauge performance – not activity.
2. Does it actually hide your IP?
VPNs work by creating a secure connection to another server over the internet. Your IP will change depending on where the target server is, effectively keeping your actual location hidden. To websites (and anyone attempting to hijack your connection), it will appear as though you are coming from the location of the server.
But before you jump on the internet and start browsing, it might be worth checking to see if your IP address is actually hidden. First – and with your VPN off – run an IP test using WhatIsMyIP.Network. What you see is your current IP address. Next, turn your VPN on and do the test again. Your IP address and location should both be different – if not, your VPN isn’t working correctly.
Doing the above is incredibly important because there’s no way of knowing if your VPN is actually working otherwise. Try to use different IP testing tools periodically to get a good idea of your VPN’s effectiveness.
If you haven’t already, read the reviews. This goes without saying but you shouldn’t sign up for a VPN service without looking at what others have said about it.
You should definitely do as much research as you can – precisely because you’re putting your data (and your customers’ data) at risk if your VPN doesn’t actually work as it should.
Look out for reviews that talk about the service provider’s data logging practices (their published policies may be misleading) as this will help you to gauge the security of your data. You should also look out for reviews regarding the actual performance of the VPN, i.e. does it stay on, does it keep your IP hidden etc.
4. What technology does it use?
Lastly, have a look at the technology the VPN service provider claims to have. Most VPN service providers use AES (Advanced Encryption Standard) with 256-bit keys. It’s the same encryption standard used by the U.S. government and security experts worldwide to protect classified information. In simpler terms, due to the number of possible combinations, a brute force attack on this kind of encryption is impossible.
As well as the technology offered, does the service provider have the expertise to quickly troubleshoot issues? Do they care? Your VPN service provider needs to be able to provide the level of support you need.
If you haven’t done any of the above – now’s the time to do so. You could be exposing your business-critical data to cyber criminals without even knowing. Given the complexity of VPN offerings on the market, it can be easy to forgo the research and just use whatever people suggest – but it’s important that you have a look yourself. Talk to your provider and don’t be afraid to ask them the real questions.
What makes a trustworthy provider?
At Privatise, we offer a VPN solution designed specifically for deployment in small and medium-sized business environments. It’s easy to install, rapidly deployable, scalable and always on. It requires no passwords or usernames, provides real-time device monitoring (so you can see who and who isn’t using it), central device management for easy authentication and a variety of integrations.
Privatise Business VPN uses the latest security technology and only logs metadata for up to 30 days (which can be modified by the system administrator).
Want to learn more? Just check out this page.