At a glance
By Rosalyn Page
A VPN, or virtual private network, is a secure, encrypted tunnel to the internet or network connection that can help to protect the identity and network activity of the user.
VPNs have many applications, particularly for business. Most recently, VPNs have become an increasingly important business technology tool to facilitate secure remote working and decentralised IT infrastructure.
VPNs are differentiated based on the way they create a secure connection between devices and the internet or network. A site-to-site VPN can be useful for businesses with more than one head office and satellite offices that need to be connected.
Meanwhile, if a business has many employees who work outside of the office, a remote access VPN would allow users a safer connection to the company network.
Some common VPN types include:
Remote Access VPN, such as Perimeter 81, allows individual users to connect securely to a private network and access a company’s services and resources remotely.
Site-to-Site VPN, such as Cisco Meraki, enables secure connections between multiple offices in different locations.
Cloud VPN, such as ExpressVPN, enables users to connect securely to cloud-based infrastructure or services, and is commonly used for businesses to connect on-premises resources to cloud-based storage or applications.
SSL/TLS VPN, such as OpenVPN, provides secure access through a web browser without requiring additional software to be installed on devices such as laptops, mobiles or tablets.
Mesh VPN, such as Tailscale, uses what’s called a “peer-to-peer” system, where devices can connect to each other without going through a central gateway.
VPN for accounting and financial services businesses
Accountants and finance professionals have access to a wide range of sensitive and personal customer data.
Michal Čížek, chief executive and co-founder of tech company GoodAccess, warns that using wi-fi or open networks to remotely access accounting and financial systems such as enterprise resource planning (ERP), financial management systems (FMS) and tax software puts staff and employers at increased risk of cyber attacks, including eavesdropping, unauthorised access, credentials and data theft, and ransomware infection.
Beyond providing a layer of cyber security protection, a VPN may be required to comply with financial and accounting regulations that require secure transfer and storage of sensitive data.
The choice of VPN depends on the type of secure connection needed, the number of remote employees in different locations and the geographical distribution of business systems.
Čížek says business VPNs for accounting and finance firms should combine capabilities of remote access and site-to-site VPN.
“VPNs prevent people from hacking into your network and block bad actors from misusing sensitive data and damaging your critical systems,” says Čížek.
“They can facilitate collaboration between financial professionals, allowing them to securely share and access financial data and documents from any location.”
Where does a VPN fit in a cyber security plan?
A VPN should be used with any open wi-fi network such as those found in hotels and cafes, as well as when travelling overseas, says Ned Farhat, director with digital forensic consultancy CyberSage.
“A VPN is a good security measure to ensure communications with services are protected from snooping eyes,” Farhat says.
However, he warns that VPNs only protect the user’s communication channel. VPN aside, it is still important to ensure that the device itself is protected, and that the service being accessed is legitimate.
In other words, a VPN should never be the only cybersecurity measure, and businesses still need an overarching cybersecurity plan.
“As part of a broader strategy, organisations should also consider strong password policies and two-factor authentication where possible as a complementary line of defence,” Farhat says.
To improve security, and depending on the services being used, Farhat also recommends locking down cloud services to only accept connections from the office IP or network address.
“That way, all staff use a VPN to connect to the office and access corporate services. This effectively locks out anyone without VPN office access, especially malicious actors from overseas,” he says.
Čížek adds that, while VPNs have traditionally been used to connect computers back to the office for secure access to business systems and data, their features are expanding in line with the growing security demands of businesses.
For example, with increasingly more data being held in the cloud, businesses should consider cloud VPN services, which can be pre-configured and include additional security measures for ease of set-up.
“Gone are the days when you had to install a VPN as an on-premise hardware or software solution in your data centre and allocate a dedicated specialist or team to configure and maintain it,” says Čížek.
“A VPN is not only about traffic encryption,” he adds. “It’s a comprehensive network security solution that secures and manages employees’ access to business resources via two-factor authentication, single sign-on (SSO), segmentation of access rights, DNS filtering and other techniques.”