Want Secure Remote Worker Access with VPN? These 5 Steps Get You Closer
July 27, 2020

Brian Trzupek
DigiCert

Share this

Many remote employees must access a corporate private network from home to continue business as usual. Organizations are turning to virtual private networks (VPN) as never before to keep remote workers connected to critical information and tools. To protect sensitive data and network bandwidth, however, companies must secure and control that network access such as by incorporating digital certificates into their cybersecurity strategy. Follow these five VPN best practices for secure remote worker access.

Best practice #1: Choose a corporate VPN wisely

Confidence with your corporate VPN starts with selecting the right one. VPNs enable employees to securely connect to enterprise applications over the public internet. Be cautious with free VPNs as the provider could be making money by selling information about user behavior, according to the Gizmodo UK article Why You Need a VPN and How to Choose One. Look for well-established VPN providers with a good cybersecurity record. In particular, scrutinize the provider's data policies.

"Using a VPN isn't going to protect your online privacy if that VPN is busy logging everything you're doing and handing records over to governments, so you want to do some digging," according to the article. "The ideal VPN provider promotes a zero logs policy and encrypts transmitted data using a well-established open-source protocol."

Best practice #2: Train employees on VPN user etiquette

While the employee dress code may have loosened (business attire on top, pajamas on the bottom, anyone?), company cybersecurity standards shouldn't. Remote employees shouldn't extend the comforts of working from home to lax attitudes toward the corporate VPN.

Accessing the corporate VPN should happen only after remote employees register their devices with IT (IT-issued devices are even better), and make sure email and storage are encrypted, according to Security Intelligence article Develop Tailored Cybersecurity Self-Assessments to Help Secure Your Remote Workforce.

Prevent potential problems by adding corporate VPN guidelines to the employee handbook. Include them in any login instructions provided when handing out laptops during onboarding so everyone is clear on what's expected from the outset.

VPN usage guidelines aim to prevent bandwidth overload and protect against cybersecurity threats. Consider the following suggestions for the types of online behavior to prohibit on a corporate VPN:

■ Streaming Netflix, Spotify, YouTube, Twitch or other services

■ Personal web-browsing (shopping, checking personal email, posting to Instagram and other personal social accounts)

■ Meeting via Zoom, Microsoft Teams or other videoconferencing applications that don't require VPN

■ Downloading or uploading large files

■ Updating software

Best practice #3: Monitor remote employee VPN usage

While developing — and sharing — VPN guidelines should decrease issues, it won't eliminate them entirely. Closely monitor VPN usage to ensure that remote employees aren't inappropriately using the corporate VPN. If necessary, you can block problematic sites from being accessed on the company's network.

Even the most cybersecurity-savvy employee has an occasional lapse in judgment. One of the most common errors is for employees to mistakenly view the corporate VPN as an endless, renewable resource rather than as a costly, limited one. Monitoring can capture overall bandwidth usage and make sure nobody is slowing the network down for other remote employees. With so many more employees reliant on a corporate VPN, infrastructure will likely need to be built out if VPN performance suffers.

Best practice #4: Adopt multi-factor authentication

With the huge recent increase in VPN users, "the pool of potential victims who lose their credentials is higher than ever before," according to the eWeek article How to Make Sure Your VPN Access Remains Seamless. The former access default of a username and password no longer cuts it. Instead, anyone attempting to access the corporate network should first provide some evidence (or factor) of their identity.

Factors include:

■ Something they know (like their mother's maiden name)

■ Something they have (like a bank card, or private key- per below)

■ Something they are (a physical characteristic like a fingerprint or typing speed)

Experts disagree on whether requiring that people offer two factors (two-factor authentication) is sufficient or whether asking for three factors (multi-factor authentication) is best. I strongly recommend multi-factor authentication (MFA) for increased VPN security, especially since remote employees connecting to the VPN from home probably don't have an Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS).

Best practice #5: Incorporate public key infrastructure (PKI)

Another way to increase security for your remote employees is with modern public key infrastructure (PKI), which is a system of processes, technologies and policies that enable companies to encrypt and/or sign data as well as attest to strong identity of the user. By incorporating PKI into their remote work security policies, companies can better control virtual network access via digital certificates and public-key encryption. Access can be revoked if an employee leaves the company.

Additionally, a digital certificate is an incredibly strong second (or multiple) factor of authentication as mentioned in point 4 above. The combination of a user name/password AND digital certificate creates a cryptographically strong authentication process that drastically decreases account hijacking threats.

The number of businesses using PKI as part of their cybersecurity strategy more than doubled over a decade, with 65 percent using it in 2018, according to an IDC study sponsored by DigiCert.

"PKI, if properly deployed and managed, is one of the most powerful tools organizations can use to avoid costly and reputation-damaging data breaches," said Rob Westervelt, Research Director, Security Products at IDC.

Offer secure remote worker access with VPN best practices

Sixty-three percent of U.S. employees reported working from home in mid-April — twice as many as the previous month, according to a Gallup survey. With some companies extending remote work through the end of the year and many others likely to continue to support a larger remote worker population than they did before the coronavirus, the corporate VPN offers essential connection. Take steps now to keep that connection secure.

Brian Trzupek is SVP of Emerging Markets at DigiCert
Share this

The Latest

March 18, 2024

Gartner has highlighted the top trends that will impact technology providers in 2024: Generative AI (GenAI) is dominating the technical and product agenda of nearly every tech provider ...

March 15, 2024

In MEAN TIME TO INSIGHT Episode 4 - Part 1, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) discusses artificial intelligence and network management ...

March 14, 2024

The integration and maintenance of AI-enabled Software as a Service (SaaS) applications have emerged as pivotal points in enterprise AI implementation strategies, offering both significant challenges and promising benefits. Despite the enthusiasm surrounding AI's potential impact, the reality of its implementation presents hurdles. Currently, over 90% of enterprises are grappling with limitations in integrating AI into their tech stack ...

March 13, 2024

In the intricate landscape of IT infrastructure, one critical component often relegated to the back burner is Active Directory (AD) forest recovery — an oversight with costly consequences ...

March 12, 2024

eBPF is a technology that allows users to run custom programs inside the Linux kernel, which changes the behavior of the kernel and makes execution up to 10x faster(link is external) and more efficient for key parts of what makes our computing lives work. That includes observability, networking and security ...