We’ve just had a disastrous year for corporate hacks, and corporate VPN users may be starting to look up.
From a Microsoft Exchange server taken over by Chinese hackers to Russian hackers hacking into IT infrastructure company SolarWinds’ servers, there are many less than edifying stories surrounding corporate server security.
But the question that companies are asking themselves is: Will a corporate VPN be enough to protect us from these cyber attacks?
In part, yes. However, an even more disturbing aspect of the new cyber-attacks is that they do not even spare devices that use the private network offered by corporate VPNs.
So how do you save yourself? Let's look at it together, also distinguishing by the type of VPN your company uses.
Let's start from the beginning: VPN stands for “Virtual Private Network” (so, technically, calling it a “VPN network” is a bit redundant).
It is a network because computers that are connected to a VPN behave as if they were physically connected in a private LAN network.
In reality, users connect remotely from their device to a VPN server, which physically hosts the VPN, making the private network a virtual space rather than a physical one: all users communicate with each other in a safe environment while remaining comfortably at home, on the road, or wherever they want.
The basic principle of a corporate VPN is to connect the remote user's device to the virtual network with a secure data tunnel.
The tunnel is enabled by encryption: the data you exchange with your corporate network is encrypted, then “wrapped” in an outer layer that makes it unintelligible to anyone who doesn’t have the key to decrypt it.
Encryption is handled through a security protocol. The most common protocols are PPTP, L2TP, SSTP, IKEv2, and OpenVPN.
Italian companies have started to take an increasing interest in the use of VPNs and their benefits following the pandemic. This is a global trend, as the updated statistics on the Top10VPN site show.
Regardless of the specific contexts of various countries around the world, it is not so difficult to understand the main reason for the success of VPNs: how could all the devices of employees working from home be guaranteed secure and controlled access to the company network?
It was the urgency of remote work and privacy that made the benefits of VPN seem tempting to many.
A corporate VPN has some indisputable advantages:
However, for VPNs as for all technologies, there are dark moments in which risks emerge.
Security firm FireEye revealed in May 2021 that it had found several pieces of malware that had infiltrated Pulse Secure VPN through vulnerabilities in the credential system. The victims were high-level targets, such as governments, financial institutions, and defense officials.
Hackers stole private credentials and used them to enter the company's VPN in a way that looked legitimate.
This happens due to the very nature of the virtual private network: once you are inside, it is very difficult for the VPN server to recognize you as a threat, because you have behaved in a formally legitimate way.
Of course, these are very high targets, but it is also important for small and medium-sized businesses to keep their guard up, because the exponential increase in corporate VPNs could lead hackers to target even smaller fish.
Corporate privacy policy dictates that those who have a VPN today must always pay attention to their devices and the management of their personal credentials. This advice applies to all good corporate cyber security practices, not just those related to VPNs.
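The point made above, that a session opened with stolen but valid credentials looks formally legitimate to the VPN server, can be turned into a defensive check: compare each successful login with the account's own history. The following Python code is an added example, not part of the original article; the log layout, the user and device names and the flag_sessions function are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: timestamp, user, source network, device id, result.
# The field layout is an assumption; map your VPN gateway's log fields to it.
SAMPLE_LOG = """\
2021-05-03T08:01:12,alice,198.51.100.0/24,LAPTOP-A1,success
2021-05-04T08:03:40,alice,198.51.100.0/24,LAPTOP-A1,success
2021-05-05T09:10:55,bob,203.0.113.0/24,LAPTOP-B7,success
2021-05-06T02:14:31,alice,192.0.2.0/24,UNKNOWN-77,success
2021-05-06T08:02:19,alice,198.51.100.0/24,LAPTOP-A1,success
2021-05-06T09:12:08,bob,203.0.113.0/24,LAPTOP-B7,success
2021-05-07T09:11:47,bob,203.0.113.0/24,PHONE-B2,success
2021-05-07T23:40:03,carol,192.0.2.0/24,UNKNOWN-77,failure
"""

FIELDS = ["time", "user", "network", "device", "result"]


def flag_sessions(log_text, min_history=2):
    """Flag successful logins whose network or device is new for an account
    that already has at least `min_history` successful logins."""
    seen_networks = defaultdict(set)
    seen_devices = defaultdict(set)
    history = defaultdict(int)
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        if row["result"] != "success":
            continue  # failed attempts never become VPN sessions
        user = row["user"]
        reasons = []
        if history[user] >= min_history:
            if row["network"] not in seen_networks[user]:
                reasons.append("new network")
            if row["device"] not in seen_devices[user]:
                reasons.append("new device")
        if reasons:
            alerts.append((row["time"], user, reasons))
        else:
            # Only unflagged logins extend the baseline, so repeated logins
            # with stolen credentials do not teach it to accept the intruder.
            seen_networks[user].add(row["network"])
            seen_devices[user].add(row["device"])
        history[user] += 1
    return alerts
```

On the constructed log this reports alice's night-time login from an unknown network and device, and also bob's first login from a new phone, which shows that such alerts need review rather than automatic blocking.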
Unfortunately, it is not only a question of the security protocol used: VPNs based on the IPsec protocol were considered more secure and reliable, but sometimes they are difficult for users to understand.
So, with the explosion of remote/smart working and the need for corporate privacy, more and more VPNs are being built on simpler encryption protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). However, this is still a largely unexplored field for hackers, and for now our fears are only potential.
One way to “save yourself” is to always carefully consult the technical specifications of the corporate VPN you have, or the VPN you are going to purchase.
Choose your VPN carefully, even if they all seem safe today: only in this way can you truly guarantee the security that this technology promises, protecting you for the foreseeable future.
