VPNs have entered the cybersecurity mainstream. Whether people initially wanted more protection for their personal data, higher security on public networks, or greater access to geo-restricted content, consumer VPN use is at an all-time high and set to continue its growth.
A rise in remote working has contributed to the recent surge. For example, at the beginning of the COVID-19 pandemic, VPN usage in the US alone increased by 124% in a single week.
There’s no question that the public is open and amenable to the idea of adding a VPN to their security toolkit, but is there a risk of overreliance on them? They can mask locations and protect communications from one point to another, but can they be relied upon by businesses and consumers alike to protect against direct attacks?
The answers, unsurprisingly, are both yes and no.
Hacker Protection with VPNs
Using a VPN to secure your internet connection can, at the very least, ensure that hackers have a hard time accessing your information.
One of the most common means of launching a direct, targeted attack is through the acquisition of the target’s IP address. Successfully breaching any security in place can potentially enable an attacker to access any devices on the same network. For domestic users, that can directly correlate with an increase in connected devices, from TVs and computers to even refrigerators and security cameras.
For businesses, the effects can be far worse. A single entry point into a secure network can be all that’s required to place malicious software or access sensitive information.
A VPN helps against these attacks by disguising the end-user’s IP address and routing it through another. A stealth VPN can pull off numerous techniques with anonymity in mind, and hiding IP addresses plays a key role. If a hacker launches an attack with the data at hand, they’ll only affect the computer that serves as the end-point of the secure connection. Those servers are often designed solely for use in these networks and are unrelated to the VPN owner’s data.
Most people with even fundamental technical expertise are familiar with the idea of using a VPN for protection on public networks. Wi-fi networks in coffee shops, airports, and other public places are inherently insecure as anyone could, in theory, intercept communications between a device and the router. VPNs ensure that this cannot happen, as while the data transfers can still be intercepted, they are encrypted in such a way that makes them useless.
Essentially, VPNs are an integral part of the anti-hacking toolkit for businesses and consumers through encryption and IP masking. Attacks that rely on either of these are often cut off at the source.
Unfortunately, they’re not the only kinds of hacks people may face.
VPNs Can’t Protect Against All Hack Attacks
Business owners shouldn’t be under the impression that if they can convince all employees to use a VPN when working remotely, their business is suddenly immune to being hacked. Similarly, private users should ensure that they still keep backups and exercise common sense, as VPNs cannot account for everything.
95% of successful cybersecurity breaches can be traced back to human error. A VPN can secure your communications and hide your actual location, but it cannot account for links you follow, attachments you open, or passwords you choose to share with the broader world.
Even when avoiding common pitfalls, it can be easy to share information unwittingly. For example, posting under your own name could potentially open someone up to privacy concerns, even when using a VPN. Therefore, it is essential to remember that steps taken to protect your identity cannot account for any information you choose to share directly.
There are also various hacking techniques that a VPN cannot prevent. For example, a VPN cannot necessarily protect against a data breach as they provide no additional protection once a server has been identified.
In short, it is essential to keep your cybersecurity infrastructure up-to-date, and a VPN is just one component of doing so successfully. While it can single-handedly shut down man in the middle and packet sniffing attacks, it cannot scan malicious attachments or directly defend a server that has already been identified.
In practice, there is no reason not to use a VPN for everyday internet use, especially where sensitive information and weakly protected networks are involved. However, it would be a mistake to pin an entire cybersecurity strategy on the VPN itself. Instead, consider it as one tool in the broader toolkit, and you’ll be in a far stronger defensive position than you were beforehand.