VPN Service ≠ Invisibility Cloak

Third party VPN services do not secure your data.  They may provide an additional brick in your security bunker but they are not the invisibility cloak they claim to be and in some cases they may actually do more harm than good.  For starters, who is your third party VPN service provider?  Are they trustworthy?  Are they subject to US or EU privacy laws?  Or, did you just decided to pipe 100% of your data through an unknown third party?

Three very popular third party VPN service providers, NordVPN, VikingVPN, and TorGuard, were recently breached due in part to poor security practices that resulted in leaked expired TLS (encryption) keys.  Now users of these services may be sharing their data with an unknown criminal instead of the third party service provider.

Just like all security measures, they are only as good as the weakest link.  Businesses and individuals need to discover their vulnerabilities, prioritize their vulnerabilities, and then systematically work to layer security to mitigate the risk.  Start by securing corporate networks with a good Unified Threat Management (UTM) appliance, making sure 100% of your devices have good business class endpoint protection software that is automatically updated, patch all of your hardware and software on a routine basis, BACK UP YOUR DATA, implement phishing prevention measures, and TRAIN YOUR PEOPLE.  This is just a start.  If you don’t know how to do this, put something in your budget to work with someone who can help and get started on the path to better security.

– Go West IT