Over the past few months, the Cybersecurity Tech Accord has been researching and promoting cyber hygiene initiatives that businesses can adopt easily and that have a cumulative impact – protecting us all at scale. In the next few weeks, we will pivot to explore different cyber hygiene practices that individuals can leverage to protect themselves online. We will highlight the importance of deploying timely security updates, utilizing multifactor authentication, and protecting yourself from password spray, but we will start by discussing the benefits of using a virtual private network (VPN).
Despite knowing better, many of us frequently connect to unsecured public Wi-Fi out of convenience or to avoid data charges on mobile devices. Unfortunately, this can have far-reaching negative consequences. Nefarious actors can easily intercept, modify, or steal data from you, including images, videos, email, instant messages, and login credentials and passwords. Using a VPN can help protect you by masking identifying information from prying eyes.
What exactly do VPNs do?
To put it succinctly, VPNs rely on servers, protocols, and encryption to hide your data and location from bad actors. Once connected, a VPN can direct your internet traffic to one of its servers, where it is encrypted, and sent to the site you intend to visit. The data encryption makes it difficult for anyone to track your online activity or execute a cyberattack. Moreover, using a VPN disguises your location by replacing your IP address with that of its server, which is why VPNs are probably best known for accessing video streaming services in different countries. Finally, some VPNs come with additional built-in protections, which automatically block malicious sites and pop-ups. In short, using a VPN – on both your phone and computer – increases your privacy and security online.
How do you choose a VPN?
When choosing a VPN, your first question should be whether you want to run your own server or go with an external provider. There is no simple answer to that, as it will depend on your needs and on whether you are looking for a solution for personal use or for your organization.
External providers tend to be more cost effective, as their offers tend to be inexpensive, or even free. When it comes to organizations, you should also consider whether the service is compatible with your preferred operating system, whether it works on both mobile and desktop, and whether it has multi-user support.
Price aside, using an external provider can expose you to more risk. It is important to remember that the VPN provider might be able to see your online traffic, will likely retain your credit card data, and potentially your IP address. Using a VPN does not mean you are anonymous online.
If you decide to go with an external provider, how do you decide which one to use amongst the hundreds available? We recommend asking the following questions to ensure you select a provider that prioritizes cybersecurity:
- Does the VPN collect user data, or does it have a no logs policy?
- Does it accept anonymous forms of payment?
- Does it have DNS leak protection in place, which ensures that your activity is not unintentionally routed back to the internet service provider?
- How safe is the VPN’s encryption? What is the strength of its encryption ciphers, and does it use end-to-end encryption?
- Does it support IPv6?
- Does it protect against exploitation of WebRTC, the technology that browsers use to communicate with each other?
- Where is the VPN based, and which privacy laws does it follow?
- What do their product reviews look like? Have they been in the news recently? Do they highlight examples of any reputable clients? Do they publish transparency reports?
What are the best VPN options out there?
While the recommendations highlighted above will help you navigate this space, we understand it isn’t easy to make an informed choice with so many factors to consider. If you’re feeling stumped, we recommend taking a look at this VPN comparison chart, which analyzed almost 200 providers based on their jurisdictions and policies, as well as this set of recommendations focused on privacy. PC World recently made a comparison listicle which focuses on usability, privacy and security.
Overall, pick the solution that works best for you and remember to keep the VPN on whenever possible.
To learn more about good cyber hygiene practices, visit the introduction to Domain-based Message Authentication, Reporting & Conformance (DMARC), Domain Name Security (DNS), and Mutually Agreed Norms for Routing Security (MANRS).