Rise of the VPN in a WFH world

Posted 09/16/20 Team Vaco

There’s no question that technology is helping us adapt to changing times, but the rapid adoption of technology can leave companies — and their employees — vulnerable to security threats. 

So we asked Steve Shoemake, Vaco managing partner and national technology practice leader, what he had to say on the subject of virtual private networks (VPNs), compliance, endpoint integrity, and the importance of security in a work from home (WFH) world. Turns out, he had plenty of insight and advice to offer!

Tell us a little more about VPNs & why they’re so important?

A VPN adds a layer of security to a network – regardless of whether it’s public or private. For example, you can use a VPN over your private network at home or over a public WiFi in a coffee shop. In both cases, you’ve increased both the privacy and security of the communication that you’re having from your computer.

What kind of IT should companies invest in for full (but secure) virtual access to key systems & data?

VPNs are definitely a smart IT investment and ensuring employees use work-authorized devices rather than personal devices is another wise investment. Investing in spam control, virus software, asset tracking systems, and Identity and Access Management (IAM) solutions are all part of a comprehensive, modern security plan for businesses supporting remote workers.

What can companies do to secure data integrity and maintain compliance?

Statistics vary, but one recent study indicated that in the small and medium business (SMB) space, 72% of businesses that suffer a data breach go out of business as a result.  

SMBs must take data breaches and security threats seriously. Far too often SMB resources are spent on the direct need with tangible value and far too little is allocated for data integrity considerations. If a company is under $2B in revenue and has a distributed workforce, a good place to start is a simple risk assessment. Once you get a report on your overall exposure related to data integrity, privacy, and the regulatory agencies that have oversight of your operations, you can begin to make common-sense investment decisions.

What should companies be doing to maintain endpoint integrity & authentication?

Multi-factor Authentication (MFA) is one tool, as are biometrics — like fingerprint, retina, and facial recognition. Contactless biometrics are especially popular right now, for obvious reasons. We have some clients that have multiple security layers: an MFA + biometric login to the endpoint which is followed by an MFA to log in to a VPN.

The key point here is not how to ensure your endpoint is secure…you can make the endpoint as secure as your budget allows. The challenge for CIOs, CTOs, and CISOs in a post-COVID world is to balance security and economics … which is no different than the challenge before the pandemic. The risk parameters have changed but the end-game is still the same: how much should a company spend on security given the business it’s responsible for and the operating model that it’s now working under?

How can companies make sure VPNs remain effective & free from vulnerabilities?

One is never “free from vulnerabilities.” That said, when discussing VPN vulnerabilities, we’re now talking about vendor management. Auditing vendors to ensure that they’re following best practices associated with risk mitigation is key. One way to do this is to make sure you receive a copy of any annual penetration testing that they’re conducting. Additionally, vulnerability patching is another area that should not be overlooked. One of the largest data breaches ever – the Experian breach – was due to a vulnerability that was identified, but never patched!

COVID-19 has impacted the tech industry in countless ways. And big changes are in store for technology and the tech industry. For more great tech advice and insight from Steve, be sure to register now for our October 8 webinar, “5 Ultimate Tech Industry Trends Driven by COVID-19.”
