Page 59 - Cyber Defense eMagazine April 2021 Edition
VPN Security Oversights
VPNs have two core promises: to create secure pathways for data and to keep user information safe. That
is what makes them appealing to companies, especially those with employees working from home.
However, many VPN services fail to abide by these promises and provide little transparency to
users, leaving openings for hackers to exploit and breaking down the trust of everyone using the service.
This can be seen with the Zyxel vulnerability, where more than 100,000 Zyxel firewalls, VPN gateways, and
access point controllers contained admin-level backdoor accounts, allowing hackers access to devices and
companies’ networks.
Additionally, after installing a VPN on a device, employees might find it challenging to determine whether their
private network is connected and whether it remains connected while in use. This is because there is a lack of
visibility and visual cues, which leaves users uncertain about whether they are actually
browsing securely. To remedy this issue, VPN providers should ensure that their services
connect automatically to prevent unwanted disconnections. To enforce this, there should be
universal standards and guidelines in place to guarantee that VPNs are working as intended and
protecting end-users from breaches.
Best Practices
Before installing VPNs, companies should choose the one that is best for their employees, but making that
decision can be difficult due to the abundance of options available. There are a few things to consider before
companies install VPNs, and a few ways to enforce best practices after devices are
distributed to employees.
• Free VPNs don’t guarantee protection: While free VPNs are present in the market, these options are
not highly recommended since, in place of charging a fee, they typically collect users’ data and sell it to
third parties. Even though free VPNs, and other mobile apps, are enticing, companies
and employees are better off purchasing a VPN to ensure that personal and private corporate information
remains secure.
• Proactively check VPNs: To make sure that a VPN is working, employees should check the location of
the device. If the VPN is working properly, the device should display a location that differs from where the
user truly is, so the user remains anonymous and undetected by hackers trying to find vulnerabilities.
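One way to automate the location check from the bullet above, as an added example that is not part of the original article: it compares the public addresses a device is seen from against the VPN's exit ranges and the user's real ISP ranges, and flags the case where one protocol goes through the VPN while the other still shows the real location. The function name `check_vpn`, the range lists and every address are constructed assumptions using documentation-only ranges.

```python
import ipaddress

# Constructed sample data (documentation-only ranges, RFC 5737 / RFC 3849).
VPN_EGRESS = ["203.0.113.0/24", "2001:db8:aaaa::/48"]  # ranges the VPN exits from (assumed known)
BASELINE = ["198.51.100.0/24", "2001:db8:bbbb::/48"]   # user's real ISP ranges, noted with VPN off


def _in_any(addr, networks):
    """True if addr falls inside any CIDR range of the same IP version."""
    return any(addr.version == n.version and addr in n for n in networks)


def check_vpn(observed, vpn_egress=VPN_EGRESS, baseline=BASELINE):
    """Classify each observed public address and return (verdict, details).

    observed: the public addresses the device appears to come from, one per
    protocol it can reach the internet with (IPv4 and, if enabled, IPv6).
    """
    vpn = [ipaddress.ip_network(n) for n in vpn_egress]
    base = [ipaddress.ip_network(n) for n in baseline]
    details = {}
    for text in observed:
        addr = ipaddress.ip_address(text)
        if _in_any(addr, vpn):
            details[text] = "vpn"
        elif _in_any(addr, base):
            details[text] = "leak"      # traffic shows the user's real location
        else:
            details[text] = "unknown"   # neither VPN nor baseline: investigate
    states = set(details.values())
    if not observed:
        verdict = "no-data"
    elif states == {"vpn"}:
        verdict = "protected"
    elif "leak" in states:
        verdict = "exposed"             # at least one protocol bypasses the VPN
    else:
        verdict = "unverified"
    return verdict, details


if __name__ == "__main__":
    # IPv4 exits through the VPN, IPv6 still shows the home ISP.
    print(check_vpn(["203.0.113.7", "2001:db8:bbbb::5"]))
```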
A More Secure VPN Market
To create a more secure VPN market, there need to be guidelines led by the industry to help keep
companies and their employees safe. Through industry-led standards organizations, major
technology, security and government stakeholders are working together to create scalable
global standards and testing to ensure a higher level of security across VPNs that become certified through
these programs. The security standards require VPNs to have security by default, standard cryptography,
no universal passwords, automatic connection when in use, end-to-end encryption, and regularly released
updates and maintenance. By implementing these requirements from the development phase, VPN services
can assure companies and their employees that they will work as intended to protect them from bad actors
and data exposure through their networks. This
transparency will save companies time, money and headaches from rectifying issues in the long run.
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.