Does A VPN Actually Protect You From Todays Cybercriminals?

To protect their employees and avoid potentially costly cyber security incidents, many organizations are strengthening their digital defenses by investing in virtual private networks, or VPNs for short. But do VPNs really protect employees from today’s cybercriminals, let’s start by explaining how they work.

Todays cybercriminals

What is a VPN and what does it do?

A virtual private network is essentially a tunnel between a client device and a remote VPN server. All data that passes through this tunnel is encrypted and thus protected from third parties. In addition, allowing the client to hide their real IP address behind the server’s IP address while browsing the web, downloading files, or streaming audio and video content.

VPNs usually fall into two main categories

Personal

VPN services that fall into this category are aimed at users who want to improve their online privacy and access geo-restricted content, among other things.

Business

VPN services in this category, often set up by businesses themselves, are designed to securely connect remote employees to a specific corporate network and allow them access to sensitive internal resources. Employees who don’t understand this important distinction sometimes use their company’s VPN service to access inappropriate content, only to be surprised when IT sends them an alert listing the websites they’ve visited.

What threats can VPN stop?

A VPN protects its users by encrypting their data and hiding their real IP addresses. As such, they are very effective when it comes to stopping the following two threats.

Man-in-the-middle attacks

As the name suggests, MITM attacks involve an adversary acting as an intermediary between the client and the server. Employees may encounter this attack when connecting to public Wi-Fi hotspots, not all of which are as legitimate as they appear.

Distributed denial of service

Just like a thief can’t steal your valuables if they don’t know where you live. unless they know your real IP address because it is hidden behind the VPN server’s IP address. The very ability to effectively stop MITM attacks makes a VPN an essential tool or organizations with remote employees.

VPN limitations

Malware

The VPN does not act as a content filter, so it does not prevent employees from clicking on malicious links and opening infected attachments. When used to connect to a specific corporate network, a VPN can allow malware to spread to other devices connected to the same network if the company’s anti-malware software does not detect it.

Social engineering

Phishing, vishing, and other social engineering attacks aren’t something a VPN can stop because they target what many cybersecurity experts call the weakest link in the cybersecurity chain: people. 

Cryptojacking

Cryptojacking scripts that hijack a victim’s computer to mine cryptocurrencies such as Bitcoin have proliferated on the web. Such scripts do not need to know what the victim’s real IP address is in order to use its computing resources, so the VPN cannot do anything about them.

Conclusion

A VPN is a useful tool that can greatly improve the privacy and security of employees when remotely connecting to company resources or accessing the Internet using a public Wi-Fi network.