Want Secure Remote Worker Access with VPN? These 5 Steps Get You Closer
July 27, 2020

Brian Trzupek
DigiCert

Share this

Many remote employees must access a corporate private network from home to continue business as usual. Organizations are turning to virtual private networks (VPN) as never before to keep remote workers connected to critical information and tools. To protect sensitive data and network bandwidth, however, companies must secure and control that network access such as by incorporating digital certificates into their cybersecurity strategy. Follow these five VPN best practices for secure remote worker access.

Best practice #1: Choose a corporate VPN wisely

Confidence with your corporate VPN starts with selecting the right one. VPNs enable employees to securely connect to enterprise applications over the public internet. Be cautious with free VPNs as the provider could be making money by selling information about user behavior, according to the Gizmodo UK article Why You Need a VPN and How to Choose One. Look for well-established VPN providers with a good cybersecurity record. In particular, scrutinize the provider's data policies.

"Using a VPN isn't going to protect your online privacy if that VPN is busy logging everything you're doing and handing records over to governments, so you want to do some digging," according to the article. "The ideal VPN provider promotes a zero logs policy and encrypts transmitted data using a well-established open-source protocol."

Best practice #2: Train employees on VPN user etiquette

While the employee dress code may have loosened (business attire on top, pajamas on the bottom, anyone?), company cybersecurity standards shouldn't. Remote employees shouldn't extend the comforts of working from home to lax attitudes toward the corporate VPN.

Accessing the corporate VPN should happen only after remote employees register their devices with IT (IT-issued devices are even better), and make sure email and storage are encrypted, according to Security Intelligence article Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce.

Prevent potential problems by adding corporate VPN guidelines to the employee handbook. Include them in any login instructions provided when handing out laptops during onboarding so everyone is clear on what's expected from the outset.

VPN usage guidelines aim to prevent bandwidth overload and protect against cybersecurity threats. Consider the following suggestions for the types of online behavior to prohibit on a corporate VPN:

■ Streaming Netflix, Spotify, YouTube, Twitch or other services

■ Personal web-browsing (shopping, checking personal email, posting to Instagram and other personal social accounts)

■ Meeting via Zoom, Microsoft Teams or other videoconferencing applications that don't require VPN

■ Downloading or uploading large files

■ Updating software

Best practice #3: Monitor remote employee VPN usage

While developing — and sharing — VPN guidelines should decrease issues, it won't eliminate them entirely. Closely monitor VPN usage to ensure that remote employees aren't inappropriately using the corporate VPN. If necessary, you can block problematic sites from being accessed on the company's network.

Even the most cybersecurity-savvy employee has an occasional lapse in judgment. One of the most common errors is for employees to mistakenly view the corporate VPN as an endless, renewable resource rather than as a costly, limited one. Monitoring can capture overall bandwidth usage and make sure nobody is slowing the network down for other remote employees. With so many more employees reliant on a corporate VPN, infrastructure will likely need to be built out if VPN performance suffers.

Best practice #4: Adopt multi-factor authentication

With the huge recent increase in VPN users, "the pool of potential victims who lose their credentials is higher than ever before," according to the eWeek article How to Make Sure Your VPN Access Remains Seamless. The former access default of a username and password no longer cuts it. Instead, anyone attempting to access the corporate network should first provide some evidence (or factor) of their identity.

Factors include:

■ Something they know (like their mother's maiden name)

■ Something they have (like a bank card, or private key- per below)

■ Something they are (a physical characteristic like a fingerprint or typing speed)

Experts disagree on whether requiring that people offer two factors (two-factor authentication) is sufficient or whether asking for three factors (multi-factor authentication) is best. I strongly recommend multi-factor authentication (MFA) for increased VPN security, especially since remote employees connecting to the VPN from home probably don't have an Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).

Best practice #5: Incorporate public key infrastructure (PKI)

Another way to increase security for your remote employees is with modern public key infrastructure (PKI), which is a system of processes, technologies and policies that enable companies to encrypt and/or sign data as well as attest to strong identity of the user. By incorporating PKI into their remote work security policies, companies can better control virtual network access via digital certificates and public-key encryption. Access can be revoked if an employee leaves the company.

Additionally, a digital certificate is an incredibly strong second (or multiple) factor of authentication as mentioned in point 4 above. The combination of a user name/password AND digital certificate creates a cryptographically strong authentication process that drastically decreases account hijacking threats.

The number of businesses using PKI as part of their cybersecurity strategy more than doubled over a decade, with 65 percent using it in 2018, according to an IDC study sponsored by DigiCert.

"PKI, if properly deployed and managed, is one of the most powerful tools organizations can use to avoid costly and reputation-damaging data breaches," said Rob Westervelt, Research Director, Security Products at IDC.

Offer secure remote worker access with VPN best practices

Sixty-three percent of U.S. employees reported working from home in mid-April — twice as many as the previous month, according to a Gallup survey. With some companies extending remote work through the end of the year and many others likely to continue to support a larger remote worker population than they did before the coronavirus, the corporate VPN offers essential connection. Take steps now to keep that connection secure.

Brian Trzupek is SVP of Emerging Markets at DigiCert
Share this

The Latest

December 03, 2020

As we reflect on the last year and begin to plan for the future, we expect to see trends like prioritization of the user experience and the dependence on IT teams continue, recognizing that what worked yesterday, may not work today or in the near future ...

December 02, 2020

Microsoft had a stellar quarter in Q3 of this year, beating expectations in all its three core segments. The demand for its Azure cloud services continues to grow. The other heavy tech giants such as Google and Amazon also reported gains, thanks to an increase in stimulus e-commerce spending and work from home extension policies. As several companies follow the lead of Microsoft and Google, IT leaders will need to quickly adapt to a new normal and adjust strategies to accommodate its distributed workforce. Here are 7 reasons why real user monitoring should matter to IT ...

December 01, 2020

Organizations around the world are facing heightened pressure to accelerate their digital transformation, as their customers, competitors, and business stakeholders all recognize doing so is no longer a company strategy, but a matter of survival. At the same time, these organizations are experiencing an equally difficult counter-pressure resulting from this transformation: complex multicloud environments and a growing inability to manage them ...

November 30, 2020

The "New Normal" in IT — the fact that most DevOps personnel work from home (WFH) now — is here to stay. What started out as a reaction to the COVID-19 pandemic is now a way of life. Many experts agree that development teams will not be going back to the office any time soon, even if the public health concerns are abated. How should DevOps and development adapt to the new normal? That is the question DEVOPSdigest posed to the development community. DevOps industry experts — from analysts and consultants to community leaders and the top vendors — offer their best recommendations for how development organizations can react to this new environment ...

November 24, 2020

Shoppers are heading into Black Friday with high expectations for digital experiences and are only willing to experience a service interruption of five minutes or less to get the best deal, according to the 2020 Black Friday and Cyber Monday eCommerce Trends Study, from xMatters ...