A virtual private network (VPN) encrypts connections to the internet by creating a secure tunnel between a user’s device and the VPN server.
Devices using a VPN have their internet protocol (IP) address masked and traffic instead looks like it’s coming from the VPN server. As well as keeping the device and its user anonymous, VPNs encrypt data in transit between the device and the VPN server, ensuring information is private and secure.
Should that information be intercepted by anyone, instead of seeing the raw data they will see random data with no discernible pattern, making the information impossible to decipher.
A VPN can add a critical layer of protection to your online security and is quickly becoming essential as more and more of us use unsecured public WiFi connections to get online.
Whenever you connect to an unsecured public WiFi network (such as those at an airport or coffee shop) you expose your device, your information and yourself to cyber criminals. WiFi networks are typically open and have no firewall or access encryption enabled, making them great channels for cyber criminals.
Without a VPN, none of your online activity on these networks is private or encrypted and in an increasingly connected world, a world in which cyber crime is constantly on the rise, having a solution to keep your online activity private and secure is nothing short of essential.
With a little knowledge and skill, as well as the right tools, even the most inexperienced cyber criminal can infiltrate your device, intercept data in transit, leave malware and steal your sensitive information.
Take this scenario for instance.
John - an SMB owner (a prime target for cyber criminals) - needs to edit and send a number of sensitive business files on his business’ cloud network before close of day. So, he connects to an unsecured public WiFi network and logs into his business’ secure cloud using login details he’s used elsewhere. He downloads the files to his device, edits them, attaches them to an email and sends them to his employees.
The following day at the office, John finds out that not only is the business’ secure network offline, all of the business’ sensitive information, including client contracts and other information, has been stolen and computers within the office have been infected with malware.
So, what went wrong?
John had nothing on his mobile device to protect him from cyber attack. He had no online privacy to keep his online activities private and encrypted; he had no anti-virus to prevent intrusion of malicious software; and he was using an unsecured public WiFi connection, meaning anyone could access his device, insert malware, and intercept data in transit.
So the moment at which John connected to the unsecured public network WiFi, he exposed himself and his business’ information to cyber criminals.
What happened is that a cyber criminal connected to the same public WiFi accessed John’s device, distributed malware directly to it and stole his login details to his business’ secure cloud.
Long before John had finished his editing, his mobile device was completely infected - including the files he was editing - and the cyber criminal had already accessed the business’ secure network and stolen sensitive information.
Unknown to John, the email he sent was infected with malware, and as his employees opened it, it spread further across the business’ secure network and computers.
This situation can of course, apply to any employee in John’s business using their own device, instead of company issued devices with the right protection, to access the business’ secure network via unsecure WiFi networks.
Clearly, a multi-layered approach to online security is fundamental - and an online encryption solution, a VPN service, plays a key part in that process. Without such a solution, you - just like John - expose your device and business to a number of risks, including those below:
Having a VPN service will not only allow your employees to access your business’ secure network remotely, but also make sure that their online activity is encrypted and, therefore, private.
Whenever your employees work remotely and connect to the internet with the VPN service enabled, all of their online activity and data - usernames, passwords, financial transactions and much, much more - will all be secured and encrypted.
Furthermore, a VPN service will mask your employees’ device’s IP address, preventing cyber criminals from monitoring their device and their activities online. Your employees can then perform business tasks online with confidence, knowing that no one can monitor them or steal information.
With a VPN, you ensure that your employees are protected from the risks that John exposed himself and his business to and benefit from the following:
Many small businesses are under the dangerous delusion that they will never be targeted by cyber criminals. Usually this stems from the idea that large businesses are the real targets and that, as a small company, they are not worth a cyber criminal’s time.
But these myths and misconceptions that SMBs are “too small to target” are the thing which inevitably makes them an easy victim of cyber attacks. There are a number of reasons why, as a small business, you might think online encryption isn’t for you - but keep the following in mind.
Reality - According to the Cyber Security Breaches Survey 2018, published by the Department for Digital, Culture, Media & Sport, almost half (42%) of small businesses have suffered a cyber attack in the last 12 months. Just because you’re a small business doesn’t mean you won’t be targeted.
Reality - Don’t underestimate the value of your assets as a small business; even if your cash reserves aren’t significant, the data you hold about your customers is a prime target for cyber criminals and you have a responsibility to protect it.
Reality - The cost of deploying online encryption to protect your data and your customers’ data is nominal compared to cost of a cyber attack or breach.
Reality - Your reputation is everything as a small business trying to make your way in any market. Having the reputation as a business which can’t protect its own data - or customers - is not a position you can afford to be in.
Reality - You need a multi-layered security network to keep your business safe from cyber criminals. Your anti-virus software will only protect one flank of your business’ cyber defence, and that isn’t enough.
Cyber attacks from external threats are an increasingly common concern for business owners but while many directors and managers focus on this external threat, they often miss out on one of the most obvious: their own employees.
Unfortunately, employees have become one of the biggest cyber security threats due to their demand for flexible working and expectations of using their own devices for work. Often this comes down to a lack of understanding and training when it comes to using public WiFi for work and having the right device protection installed.
There are, of course, a number of factors which have contributed to employees being such a big security risk:
Using a proxy server or VPN service can help to enhance your business’ online privacy - but which one can deliver the necessary levels of online privacy your business requires?
First and foremost, it’s important to distinguish between a proxy server and a virtual private network. While both proxies and VPNs can keep you anonymous by hiding your IP address, they work in fundamentally different ways.
Proxy servers are essentially a middleman between your computer and the Internet. Using a proxy server, any traffic passing through it will appear to be coming from the proxy server and not your computer, keeping your location masked. Proxy servers are great for getting behind geo-restrictions, such as websites locked to particular regions.
However, proxy servers do not encrypt your online activity, meaning that while your location is hidden (as the IP address is that of the VPN server) your online activity can be monitored and read.
A virtual private network (VPN) on the other hand, creates an encrypted tunnel or connection between your device and the VPN server. Using a VPN, public WiFi connections can be made secure. All of your browsing appears as if it’s coming from the VPN server, and all of your online activity is encrypted, so even if someone does manage to intercept your data in transit, all they will see is encrypted information.
For SMBs with employees who often work remotely and use unsecured connections to connect to the business’ network, a VPN service would be most appropriate and would ensure that their online activity remains private, encrypted and secure.
SMBs face a significant challenge from the current VPN services on the market, because none of the current offerings are made for them.
Too consumer focused - On one end of the scale are consumer-grade VPNs. These are aimed at individuals rather than businesses. Consumer-grade VPNs require active engagement to deploy and manage and cannot be scaled easily. They also don’t offer a high enough level of protection.
Too enterprise focused - On the opposite end of the scale are enterprise-grade VPNs. These services are typically aimed at big corporations and governments interested in preventing state sponsored cyber attacks. While they provide high levels of protection, these VPNs are far too complex to manage within a SMB environment or a business without dedicated IT support.
As a result, SMBs are often forced to combine a number of solutions to deliver the right functionality and end up with an ineffective and unmanageable combination of online encryption solutions.
These systems offer no reassurance for managers because of the lack of transparency over their usage, are unmanageable because each user needs to log in with their own username and passwords (which are often duplicated from other online accounts), and ineffective because many employees don’t use them properly, leaving their devices open to attack.
The problem is that while business owners and directors feel confident that they have adequately protected their business, they have in fact unwittingly introduced areas of vulnerability which cyber criminals can capitalise upon.
Privatise Online Encryption offers a solution to this problem, because it is built specifically with SMBs and their challenges in mind.
Its single point of management makes it easy to monitor which devices are protected, simplifies the process of adding and deleting users and removes the administrative burden of actively managing the software’s use with its one click “always on” function.
As there are a number of VPN services on the market, it’s important that you take the time to evaluate each one to determine which would best meet your business’ needs.
Some of these solutions are difficult to configure and manage, whilst others do not provide the level of scalability that some businesses require as they are limited to just a few devices.
Of course, with any purchase it’s important to make an informed decision - and that means asking the right questions.
Below are some of the key questions you should be asking in order to make sure you make an informed decision on which VPN provider to choose.
Device management and authentication should be one of your foremost concerns. For many solutions on the market, adding and removing devices takes a considerable amount of time - so you need to find a solution which only requires a few clicks to set up new users and remove old ones.
Privatise Online Encryption can provide just that. You can easily add or remove users from the solution with a single click from your business’ Privatise portal. Learn more.
Rather than having to check each individual device manually to see if the device has the VPN solution installed and configured correctly, you need a centralised management portal that gives you complete visibility of all the devices using the VPN. Unfortunately, most solutions on the market don’t provide complete visibility and those that do only provide limited monitoring.
Privatise Online Encryption, however, allows you to view the status of all the devices connected to the VPN, as well as see which devices do not have it installed. Learn more.
Deploying a VPN into your business shouldn’t be time-consuming or complex. Installation should be easy and straightforward so you don’t have to enlist the help of an expert.
Privatise Online Encryption can be rapidly deployed and installed to a number of your business’ devices in short order. Simply purchase a Privatise Online Encryption licence and install the new software to your business’ devices with just one click. Learn more.
One of the biggest security risks (and barriers to adoption for VPNs) is employees having to remember more usernames and passwords. Most employees will use usernames and passwords they use elsewhere - compromising the security of the business - and some will forget their details or “misplace” them. On that basis, you need a solution that can authenticate users a different way and without usernames and password.
Unlike other VPNs, Privatise Online Encryption authenticates devices using public key infrastructure (PKI). Upon installation, a security certificate is downloaded and installed to the device in question, whitelisting it for usage of the VPN. Users don’t need to remember usernames or passwords as their device is logged in automatically. Learn more.
Any VPN service you choose should - at the very least - encrypt your data in transit. In addition to this, for long-term business benefit, it should be scalable, easy to manage, and sophisticated. It should include some form of centralised device management to make it easy for your IT administrator to manage business devices and install the solution, as well as seamless authentication to remove the need for usernames and passwords.
Privatise Online Encryption can provide all of the above and more. It can easily be deployed to a number of devices with just one click, you can monitor all the connected devices from a central portal, users are authenticated using PKI authentication (rather than usernames and passwords), and it will operate automatically in the background and requires no additional configuration. Learn more.
A key consideration should be whether or not the VPN solution starts automatically the moment you or your employees turn on their device(s). This is critically important as employees often forget to start VPN solutions that do not start automatically and will go about their activities online without checking.
Privatise Online Encryption however, is an “always on” solution. This means that once it has been installed on a new device, it works automatically in the background without the need for configuration or further management. Learn more.
Ongoing management of your VPN solution can be time-consuming and complex - which is frustrating as it doesn’t need to be. In today’s world, the VPN solution you choose should update automatically and in the background to ensure your day-to-day activities are not interrupted. However, some VPN solutions will require you to manually update them and download the latest version - this can be an arduous task when you have to update multiple business devices.
Privatise Online Encryption automatically installs updates as and when they are made available. You do not need to update the solution yourself and the updates are done in the background, ensuring your day-to-day activities are not interfered with. Learn more.
This is a key question to ask. Consumer-grade VPNs are not designed for business applications and expanding them to multiple devices will be tricky. Business VPNs on the other hand may provide the functionality you need but often require a dedicated IT department to manage on an ongoing basis.
Privatise Online Encryption is the first internet privacy protection tool developed specifically to meet the practical needs of small and medium-sized businesses. Thanks to sophisticated authentication and centralised device management, installing the solution to multiple devices is easy and requires only one click, while logging into the solution is automatic as it uses PKI authentication, rather than usernames and passwords. Learn more.
Whatever VPN solution you choose, it should have some form of real-time device monitoring in place so that you can see which devices are actively using the solution and which devices do not have it enabled.
Through your Privatise Online Encryption portal, you can actively monitor the devices which have the software installed to ensure it’s deployed and configured properly for all your business’ desktop and mobile devices. Learn more.
Built from the beginning with small and medium sized businesses in mind, Privatise Online Encryption not only provides enterprise-level encryption and security, but also scalability and device transparency unseen anywhere else on the market.