We’re probably as normal as we’re going to get with working at home, and that will put more pressure on businesses and employees to step up security. Virtual Private Networks (VPNs) have been around for a while, but we’ve never been completely sold on them. They can give you a false sense of security.
As we see it, they depend on too many people (and organizations) doing the right thing to work effectively. Essentially, they take you across somebody else’s network, and unless you’re the one who vetted the provider and set it up, you have no way of knowing if it’s safe. If you use a computer, cell phone or tablet on a compromised VPN, you’re providing multiple access points for anyone who’s hacked the VPN. It only takes one weak link to compromise a network, and it could take months before a security breach is found. That could be too late to prevent any damage, such as an intrusion of sensitive files or identity theft.
We’re OK with using a VPN while traveling. It’s generally good for a short period of time, and it’s likely to be used by a small group of people in your traveling party on known devices. Whether VPNs are reliably secure in certain communications environments is a debatable point. Given all that is going on today, we believe it’s better to err on the side of caution and use them in limited situations to meet specific needs.
There are much better steps to take, such as two-factor authentication and using mobile apps that store your password.
We’ve discussed two-factor authentication before. While it can take many forms, it generally works by sending a 6-digit code in a text message to a designated mobile device. You then need to enter that code on whatever device you’re using to log onto a website. The problem is that if you are near a cell tower that has been compromised, the communication involving your text message could be intercepted and redirected. It’s not likely in the United States right now; it was more of a problem with older towers. Still, it’s yet another reminder to keep your guard up at all times.
The authentication apps that save your passwords are run through Microsoft and Google, two behemoths that have an equally large stake in your security. The key factor here is that the password is stored in your device, not in the cloud. Anyone who steals your password this way must physically have your device, and they must know your username and password. That minimizes the chance you’ll be compromised – even with a lost or stolen phone.
We’re available to answer any questions you have about security on all your devices and across all networks. Call us – 973-433-6676 – or email us to talk about who uses various devices within your business organization or family and where they use them. We’ll help you develop a plan or policy, if necessary, to strengthen your weakest links and maximize security.