< Back
cyberthreat news

Tags:

ercom Cryptosmart
21 January 2023

Which VPN can you choose to protect your connections and sensitive data ?

Remote work is a challenge for companies processing sensitive data. Hybrid work actually increases the attack surface, making it easier for cybercriminals to attack. As a result, 47% of remote workers have already been tricked by a phishing attempt.

Companies must secure all their connections, from and to every employee endpoint (PC, smartphone, tablet...) to allow them to navigate, communicate and exchange securely.

VPNs are an effective and indispensable protection measure against cyber-threats targeting connections. But not all VPNs offer the same level of security. So how do you choose a VPN adapted to your company's security challenges?

 

Cyber-threats targeting your connections
There are several forms of attacks that employees of a company can face while browsing the web and collaborating online. Here are some examples:

  • Man In The Middle attacks: A hacker discreetly intercepts data exchanged between employees and their contacts. They have no idea that the information they are transmitting has been compromised.
     
  • Malicious websites and advertisements: Contrary to appearances, browsing the web carries risks. Malicious websites and advertisements may trigger an unsolicited download or collect personal information.
     
  • Phishing: Based on identity theft, an e-mail pretending to be a trusted person or a company that your employees know, or a fraudulent website designed to look like an online service frequently used by employees.
     
  • Unsecured networks: Widely used by mobile workers, public Wi-Fi networks (at coffee shops, train stations, airports...) represent a considerable risk. These are often a preferred channel for cyber-attackers to steal user data or spread malware.

While these cyber-threats targeting connections are very common, they are only the tip of the iceberg. The diversity and sophistication of cyber-attacks increases every year.

Why should you choose a VPN solution and how?

VPNs (Virtual Private Networks) are a tool that aims to secure online browsing and data sharing. To do this, VPNs ensure communications are encrypted to protect data in case of interception. They allow you to connect to public networks without fearing for the security of your data.

Of course, there are a myriad of VPN solutions on the market. So how do you choose one for your business?

First, it is important to distinguish between VPNs for consumers and professional VPNs. Many consumer VPNs aim to mine and resell your data. 26 of the 117 most used VPN services collect their users’ data... Contrary to what their terms of use state.

On the other hand, professional VPNs are reliable solutions that ensure privacy.

We also recommend that you choose a sovereign VPN. American digital tools, including VPNs, are in fact required to hand over their customers’ data to the US justice system and federal agencies when requested to do so. Suspicions of economic espionage are therefore high towards this type of solution. It is therefore prudent to choose a French VPN, whose servers are based in France.

Certifications are another important criterion for organizations handling sensitive data. A VPN approved by ANSSI ensures a particularly demanding level of security is met.

Another important criterion is to choose a VPN that encrypts all communications (data, SMS, voice) to avoid any compromise. Furthermore, only your company should manage encryption keys: the VPN vendor itself should not have access to them.

Companies handling sensitive data must ensure their VPN cannot be corrupted. They must choose a VPN that gives them full control over the generation of keys for establishing secure connections.

Finally, it is important to know that a VPN installed alone on an unsecured phone may not offer sufficient security. It is important to use additional protections (antivirus, mobile threat defense, secure phone managed by the company, Mobile Device Management...) to secure your entire mobile fleet.

Of course, some VPNs offer advanced security features. This is the case of Cryptosmart PC and Cryptosmart Mobile, two VPN solutions that meet all the criteria listed above. These two solutions offer government-grade security, particularly with the installation of a gateway within the IS.

Our experts are available to discuss securing connections within your organization.