Want Secure Remote Worker Access with VPN? These 5 Steps Get You Closer

Brian Trzupek
DigiCert

Many remote employees must access a corporate private network from home to continue business as usual. Organizations are turning to virtual private networks (VPN) as never before to keep remote workers connected to critical information and tools. To protect sensitive data and network bandwidth, however, companies must secure and control that network access such as by incorporating digital certificates into their cybersecurity strategy. Follow these five VPN best practices for secure remote worker access.

Best practice #1: Choose a corporate VPN wisely

Confidence with your corporate VPN starts with selecting the right one. VPNs enable employees to securely connect to enterprise applications over the public internet. Be cautious with free VPNs as the provider could be making money by selling information about user behavior, according to the Gizmodo UK article Why You Need a VPN and How to Choose One. Look for well-established VPN providers with a good cybersecurity record. In particular, scrutinize the provider's data policies.

"Using a VPN isn't going to protect your online privacy if that VPN is busy logging everything you're doing and handing records over to governments, so you want to do some digging," according to the article. "The ideal VPN provider promotes a zero logs policy and encrypts transmitted data using a well-established open-source protocol."

Best practice #2: Train employees on VPN user etiquette

While the employee dress code may have loosened (business attire on top, pajamas on the bottom, anyone?), company cybersecurity standards shouldn't. Remote employees shouldn't extend the comforts of working from home to lax attitudes toward the corporate VPN.

Accessing the corporate VPN should happen only after remote employees register their devices with IT (IT-issued devices are even better), and make sure email and storage are encrypted, according to Security Intelligence article Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce.

Prevent potential problems by adding corporate VPN guidelines to the employee handbook. Include them in any login instructions provided when handing out laptops during onboarding so everyone is clear on what's expected from the outset.

VPN usage guidelines aim to prevent bandwidth overload and protect against cybersecurity threats. Consider the following suggestions for the types of online behavior to prohibit on a corporate VPN:

■ Streaming Netflix, Spotify, YouTube, Twitch or other services

■ Personal web-browsing (shopping, checking personal email, posting to Instagram and other personal social accounts)

■ Meeting via Zoom, Microsoft Teams or other videoconferencing applications that don't require VPN

■ Downloading or uploading large files

■ Updating software

Best practice #3: Monitor remote employee VPN usage

While developing — and sharing — VPN guidelines should decrease issues, it won't eliminate them entirely. Closely monitor VPN usage to ensure that remote employees aren't inappropriately using the corporate VPN. If necessary, you can block problematic sites from being accessed on the company's network.

Even the most cybersecurity-savvy employee has an occasional lapse in judgment. One of the most common errors is for employees to mistakenly view the corporate VPN as an endless, renewable resource rather than as a costly, limited one. Monitoring can capture overall bandwidth usage and make sure nobody is slowing the network down for other remote employees. With so many more employees reliant on a corporate VPN, infrastructure will likely need to be built out if VPN performance suffers.

Best practice #4: Adopt multi-factor authentication

With the huge recent increase in VPN users, "the pool of potential victims who lose their credentials is higher than ever before," according to the eWeek article How to Make Sure Your VPN Access Remains Seamless. The former access default of a username and password no longer cuts it. Instead, anyone attempting to access the corporate network should first provide some evidence (or factor) of their identity.

Factors include:

■ Something they know (like their mother's maiden name)

■ Something they have (like a bank card, or private key- per below)

■ Something they are (a physical characteristic like a fingerprint or typing speed)

Experts disagree on whether requiring that people offer two factors (two-factor authentication) is sufficient or whether asking for three factors (multi-factor authentication) is best. I strongly recommend multi-factor authentication (MFA) for increased VPN security, especially since remote employees connecting to the VPN from home probably don't have an Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).

Best practice #5: Incorporate public key infrastructure (PKI)

Another way to increase security for your remote employees is with modern public key infrastructure (PKI), which is a system of processes, technologies and policies that enable companies to encrypt and/or sign data as well as attest to strong identity of the user. By incorporating PKI into their remote work security policies, companies can better control virtual network access via digital certificates and public-key encryption. Access can be revoked if an employee leaves the company.

Additionally, a digital certificate is an incredibly strong second (or multiple) factor of authentication as mentioned in point 4 above. The combination of a user name/password AND digital certificate creates a cryptographically strong authentication process that drastically decreases account hijacking threats.

The number of businesses using PKI as part of their cybersecurity strategy more than doubled over a decade, with 65 percent using it in 2018, according to an IDC study sponsored by DigiCert.

"PKI, if properly deployed and managed, is one of the most powerful tools organizations can use to avoid costly and reputation-damaging data breaches," said Rob Westervelt, Research Director, Security Products at IDC.

Offer secure remote worker access with VPN best practices

Sixty-three percent of U.S. employees reported working from home in mid-April — twice as many as the previous month, according to a Gallup survey. With some companies extending remote work through the end of the year and many others likely to continue to support a larger remote worker population than they did before the coronavirus, the corporate VPN offers essential connection. Take steps now to keep that connection secure.

Brian Trzupek is SVP of Emerging Markets at DigiCert

Related Links

Hot Topics

The Latest

Why Observability Is the Missing Piece in Your Business Growth

Every digital customer interaction, every cloud deployment, and every AI model depends on the same foundation: the ability to see, understand, and act on data in real time ... Recent data from Splunk confirms that 74% of the business leaders believe observability is essential to monitoring critical business processes, and 66% feel it's key to understanding user journeys. Because while the unknown is inevitable, observability makes it manageable. Let's explore why ...

Gartner: Regular AI System Assessments Triple the Likelihood of High GenAI Value

Organizations that perform regular audits and assessments of AI system performance and compliance are over three times more likely to achieve high GenAI value than organizations that do not, according to a survey by Gartner ...

Beyond Autoscaling: What True Kubernetes Optimization Actually Requires

Kubernetes has become the backbone of cloud infrastructure, but it's also one of its biggest cost drivers. Recent research shows that 98% of senior IT leaders say Kubernetes now drives cloud spend, yet 91% still can't optimize it effectively. After years of adoption, most organizations have moved past discovery. They know container sprawl, idle resources and reactive scaling inflate costs. What they don't know is how to fix it ...

Is Your Network Ready for the AI Boom? 5 Overlooked Stress Points

Artificial intelligence is no longer a future investment. It's already embedded in how we work — whether through copilots in productivity apps, real-time transcription tools in meetings, or machine learning models fueling analytics and personalization. But while enterprise adoption accelerates, there's one critical area many leaders have yet to examine: Can your network actually support AI at the speed your users expect? ...

Keeping Your Business Stable When Going Through an IT Disaster

The more technology businesses invest in, the more potential attack surfaces they have that can be exploited. Without the right continuity plans in place, the disruptions caused by these attacks can bring operations to a standstill and cause irreparable damage to an organization. It's essential to take the time now to ensure your business has the right tools, processes, and recovery initiatives in place to weather any type of IT disaster that comes up. Here are some effective strategies you can follow to achieve this ...

Want Secure Remote Worker Access with VPN? These 5 Steps Get You Closer

Brian Trzupek
DigiCert

Many remote employees must access a corporate private network from home to continue business as usual. Organizations are turning to virtual private networks (VPN) as never before to keep remote workers connected to critical information and tools. To protect sensitive data and network bandwidth, however, companies must secure and control that network access such as by incorporating digital certificates into their cybersecurity strategy. Follow these five VPN best practices for secure remote worker access.

Best practice #1: Choose a corporate VPN wisely

Confidence with your corporate VPN starts with selecting the right one. VPNs enable employees to securely connect to enterprise applications over the public internet. Be cautious with free VPNs as the provider could be making money by selling information about user behavior, according to the Gizmodo UK article Why You Need a VPN and How to Choose One. Look for well-established VPN providers with a good cybersecurity record. In particular, scrutinize the provider's data policies.

"Using a VPN isn't going to protect your online privacy if that VPN is busy logging everything you're doing and handing records over to governments, so you want to do some digging," according to the article. "The ideal VPN provider promotes a zero logs policy and encrypts transmitted data using a well-established open-source protocol."

Best practice #2: Train employees on VPN user etiquette

While the employee dress code may have loosened (business attire on top, pajamas on the bottom, anyone?), company cybersecurity standards shouldn't. Remote employees shouldn't extend the comforts of working from home to lax attitudes toward the corporate VPN.

Accessing the corporate VPN should happen only after remote employees register their devices with IT (IT-issued devices are even better), and make sure email and storage are encrypted, according to Security Intelligence article Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce.

Prevent potential problems by adding corporate VPN guidelines to the employee handbook. Include them in any login instructions provided when handing out laptops during onboarding so everyone is clear on what's expected from the outset.

VPN usage guidelines aim to prevent bandwidth overload and protect against cybersecurity threats. Consider the following suggestions for the types of online behavior to prohibit on a corporate VPN:

■ Streaming Netflix, Spotify, YouTube, Twitch or other services

■ Personal web-browsing (shopping, checking personal email, posting to Instagram and other personal social accounts)

■ Meeting via Zoom, Microsoft Teams or other videoconferencing applications that don't require VPN

■ Downloading or uploading large files

■ Updating software

Best practice #3: Monitor remote employee VPN usage

While developing — and sharing — VPN guidelines should decrease issues, it won't eliminate them entirely. Closely monitor VPN usage to ensure that remote employees aren't inappropriately using the corporate VPN. If necessary, you can block problematic sites from being accessed on the company's network.

Even the most cybersecurity-savvy employee has an occasional lapse in judgment. One of the most common errors is for employees to mistakenly view the corporate VPN as an endless, renewable resource rather than as a costly, limited one. Monitoring can capture overall bandwidth usage and make sure nobody is slowing the network down for other remote employees. With so many more employees reliant on a corporate VPN, infrastructure will likely need to be built out if VPN performance suffers.

Best practice #4: Adopt multi-factor authentication

With the huge recent increase in VPN users, "the pool of potential victims who lose their credentials is higher than ever before," according to the eWeek article How to Make Sure Your VPN Access Remains Seamless. The former access default of a username and password no longer cuts it. Instead, anyone attempting to access the corporate network should first provide some evidence (or factor) of their identity.

Factors include:

■ Something they know (like their mother's maiden name)

■ Something they have (like a bank card, or private key- per below)

■ Something they are (a physical characteristic like a fingerprint or typing speed)

Experts disagree on whether requiring that people offer two factors (two-factor authentication) is sufficient or whether asking for three factors (multi-factor authentication) is best. I strongly recommend multi-factor authentication (MFA) for increased VPN security, especially since remote employees connecting to the VPN from home probably don't have an Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).

Best practice #5: Incorporate public key infrastructure (PKI)

Another way to increase security for your remote employees is with modern public key infrastructure (PKI), which is a system of processes, technologies and policies that enable companies to encrypt and/or sign data as well as attest to strong identity of the user. By incorporating PKI into their remote work security policies, companies can better control virtual network access via digital certificates and public-key encryption. Access can be revoked if an employee leaves the company.

Additionally, a digital certificate is an incredibly strong second (or multiple) factor of authentication as mentioned in point 4 above. The combination of a user name/password AND digital certificate creates a cryptographically strong authentication process that drastically decreases account hijacking threats.

The number of businesses using PKI as part of their cybersecurity strategy more than doubled over a decade, with 65 percent using it in 2018, according to an IDC study sponsored by DigiCert.

"PKI, if properly deployed and managed, is one of the most powerful tools organizations can use to avoid costly and reputation-damaging data breaches," said Rob Westervelt, Research Director, Security Products at IDC.

Offer secure remote worker access with VPN best practices

Sixty-three percent of U.S. employees reported working from home in mid-April — twice as many as the previous month, according to a Gallup survey. With some companies extending remote work through the end of the year and many others likely to continue to support a larger remote worker population than they did before the coronavirus, the corporate VPN offers essential connection. Take steps now to keep that connection secure.

Brian Trzupek is SVP of Emerging Markets at DigiCert

Related Links

Hot Topics

The Latest

Why Observability Is the Missing Piece in Your Business Growth

Every digital customer interaction, every cloud deployment, and every AI model depends on the same foundation: the ability to see, understand, and act on data in real time ... Recent data from Splunk confirms that 74% of the business leaders believe observability is essential to monitoring critical business processes, and 66% feel it's key to understanding user journeys. Because while the unknown is inevitable, observability makes it manageable. Let's explore why ...

Gartner: Regular AI System Assessments Triple the Likelihood of High GenAI Value

Organizations that perform regular audits and assessments of AI system performance and compliance are over three times more likely to achieve high GenAI value than organizations that do not, according to a survey by Gartner ...

Beyond Autoscaling: What True Kubernetes Optimization Actually Requires

Kubernetes has become the backbone of cloud infrastructure, but it's also one of its biggest cost drivers. Recent research shows that 98% of senior IT leaders say Kubernetes now drives cloud spend, yet 91% still can't optimize it effectively. After years of adoption, most organizations have moved past discovery. They know container sprawl, idle resources and reactive scaling inflate costs. What they don't know is how to fix it ...

Is Your Network Ready for the AI Boom? 5 Overlooked Stress Points

Artificial intelligence is no longer a future investment. It's already embedded in how we work — whether through copilots in productivity apps, real-time transcription tools in meetings, or machine learning models fueling analytics and personalization. But while enterprise adoption accelerates, there's one critical area many leaders have yet to examine: Can your network actually support AI at the speed your users expect? ...

Keeping Your Business Stable When Going Through an IT Disaster

The more technology businesses invest in, the more potential attack surfaces they have that can be exploited. Without the right continuity plans in place, the disruptions caused by these attacks can bring operations to a standstill and cause irreparable damage to an organization. It's essential to take the time now to ensure your business has the right tools, processes, and recovery initiatives in place to weather any type of IT disaster that comes up. Here are some effective strategies you can follow to achieve this ...