Best Practices for VPN Use in Your Small Business

By Page Moon, CIO

In today’s business world, employees frequently work remotely, travel, or use offsite co-location facilities to get work done around increasingly complicated professional and personal schedules. This has driven increased use of VPNs, or Virtual Private Networks.

There are several basic “best practices” that all businesses should follow if granting employees access to the corporate network through a VPN. I will touch on a few of these, and Focus Data Solutions will publish more detailed blogs during the Focus Data Solutions “IT Security 2020” series.

Confirm that your company has the basic lines of defense.

An organization using VPN should have both antivirus and firewall protection on all company hardware.

Furthermore, the organization should employ “security as a service,” or detection monitoring, to identify and stop malicious attacks on the network before damage occurs.

Put a security policy in place.

A policy should include who has access to the network, how much access they have, and what types of devices can connect to the network. Additional matters include idle connection time, the standard process in case of a breach, and authentication.

What devices should be allowed to connect through VPN?

A hard and fast rule should require that only company-issued hardware can connect to the internal corporate network, with or without VPN. Likewise, users should not be allowed (or be able) to load any type of software on their device without formal administrator approval. This rule helps guard against a Distributed Denial of Service (DDoS) attack, where one user infects the whole network.

Select the appropriate type of VPN for your organization

There are several types of VPN in use in the corporate world: Remote Access Server (RAS), Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL). We will dive into greater detail in a future article. For now, speak with your IT provider to determine which type of VPN your company has and whether it is appropriate for your business’s security requirements.

Determine Specific Rules for Road Warriors

Employees connecting from hotels, airports or other public places pose a definite threat to the corporate network. Require employees to adhere to these rules:

  • Limit file sharing. Before connecting to a public network, turn off the features that enable open file sharing on your devices.
  • Request the specific Wi-Fi name from the hotel staff. Don’t guess. Hackers may set up a similarly named Wi-Fi to dupe unsuspecting travelers.
  • Don’t conduct financial or sensitive transactions without a VPN.
  • Your phone is not secure on public Wi-Fi unless you use a VPN or encrypted application. As a rule, use the cellular network.
  • When browsing, stick with HTTPS. HTTPS is more secure than HTTP because your transactions are encrypted. It is much more difficult for hackers to listen in on and collect personal information when you employ HTTPS.

This is a basic introduction to VPN usage for businesses. Subscribe to our email newsletter to learn more in the coming months through Focus Data Solutions’ IT Security 2020 series.