A crash course in VPN protocols for newly remote teams
You can’t call a time-out on data security. Especially not now when this current crisis finds many people working from home.
It’s easier to feel secure about your data when all your employees and their devices are in the same office, but it’s now pretty clear that this is an impossible requirement to rely upon. Even putting the pandemic aside, remote work has been a rising trend for years now, and the frequency of companies going remote-first or at least heavily remote seems likely only to increase as time goes on.
Leaping into the minutiae of Internet security may not seem particularly interesting when everyone is first and foremost worried about their own personal health and security, but bad actors and hackers won’t wait patiently for you to be ready for them, and unprepared remote workers give them an opportunity to steal and exploit data.
Do a quick Google search and you'll find yourself bombarded with options for virtual private network (VPN) providers. So please allow us to add to that bombardment with our own crash course in VPN protocols.
VPNs to the rescue?
Employees working from home are using their own Wi-Fi networks (and potentially their own devices) to connect to mission-critical tools like code repositories, email, finance software, business accounts, applications, etc. Unless the employees are IT veterans, chances are their device and network security are subpar, potentially exposing their internet usage to unsavory characters — and your business to data breaches.
If you don’t have a pile of cash to drop on secured laptops and routers for every employee, never fear — that’s why VPN is here. What is a VPN? In short, a VPN forms a protective private tunnel around internet traffic, encrypting data as it travels between client (employee device) and server.
VPNs can also be used to allow access to your office’s network (and all its local resources) to employees at home. This increases security for sensitive intellectual properties and ensures access to important office resources (such as that pricey single-license CAD software installed on the desktop in Sandra’s office. Only the very best in CAD software for Sandra).
The VPN is a backyard fort, where only people who know the secret handshake can access your data. The VPN protocol is the secret handshake. When it comes to your VPN, choosing the right secret handshake is essential to ensuring that your employees can work without worrying about security or stability.
Why should I care about VPN protocols?
Unless “learn about VPN protocols” is a personal research hobby you’ve decided to start while under quarantine, you probably aren’t interested in VPN protocols for their own sake. All that matters is ensuring your whole company isn’t brought down by one employee whose roommate set their home Wi-Fi name to “Cool WiFI” and password to “pizza123”.
While you don’t need to know the nitty-gritty of VPN protocols to safeguard your data, a good working knowledge of VPN protocols is important when it comes to choosing the right VPN. Why? Because every VPN protocol offers its own unique combination of speed and security, which allows you to customize your VPN to best suit your work. This customization happens in two key ways:
#1: VPN Protocols Allow You to Balance Speed and Security
Your required speed-to-security ratio will differ based mainly on the kind of work you’ll be doing over VPN and how many people will use it at a time. If most of your work apps are cloud-based (such as G Suite, Microsoft Office 365, SaaS apps, etc.), VPN bandwidth usage will be fairly light, even with many people connected. In this case, security might be more important to you than speed, since speed likely won’t be a major problem.
If you’re using your VPN to connect workers remotely to resource-intensive software like design programs, you’ll need to use a VPN protocol that supports higher speeds, so that your workers don’t lose their collective minds staring at little spinning pinwheels all day.
#2: VPN Protocols Allow You to Adjust Your VPN for Bandwidth
The other consideration is your company’s infrastructure. If you’re a remote-only company, you don’t have to worry about connecting employees securely to a single network based at a physical location. This frees you from factoring your office’s internet bandwidth and speeds into the equation, which in turn frees you to double down on security without having an added slowdown factor.
If your company centers on a physical location, then more complicated factors of IT support, office internet speeds, and remote desktop access (or company-issued laptops) enter the equation. In this case, speed and volume are going to be your biggest considerations. Ease of setup and use are also important to bear in mind, since your IT folks have to get your VPN playing nicely with your existing network infrastructure.
The (probably) top 3 VPN protocols
When it comes to choosing the VPN protocol you’ll use, remember that most VPN software supports multiple protocols, so you’re not locked into one protocol forever. Many VPN providers also give you the option to automatically select the protocol that will perform the best* on any given day.
Bear in mind that’s only The Best™ according to the VPN provider. So read on to get a feel for what you’re getting into before just setting and forgetting protocols.
OpenVPN is pretty much the standard of VPN protocols (at least currently) and for good reason. While “open VPN” sounds like an oxymoron, being open source and having a strong community behind it has made OpenVPN one of the most secure protocols available. It offers users the flexibility of two different Internet Protocols (TCP and UDP), the security of the OpenSSL library and 256-bit encryption, as well as decent speeds.
Popular VPN software that supports this protocol
OpenVPN is a good, balanced protocol if you’re looking for a sweet spot of both speed and security. While it can be a little more involved to set up than others because it’s not native to any operating system, most of the industry chooses OpenVPN as their top pick of VPN protocol due to its security-to-speed ratio and its open-source nature.
IKEv2 (Internet Key Exchange Version 2)
IKEv2 is often hailed as the fastest VPN, but it’s best known as the mobile VPN protocol. This is because IKEv2 has MOBIKE support, which basically means it can change networks (like from Wi-Fi to 4G) without losing VPN connection. IKEv2 offers excellent security, including a certificate-based authentication process. It’s generally regarded as less CPU-intensive than OpenVPN, while offering a level of security (through IPSec) that is nearly as good.
Popular software that supports this VPN protocol:
The biggest downside to IKEv2 is that it has very limited compatibility. If you have a Microsoft system, this won’t be a problem for you, since IKEv2 was developed by Microsoft and Cisco. But for other users, IKEv2 may not currently be an option.
L2TP (Layer 2 Tunneling Protocol)
If IKEv2 is second place for speed, L2TP is second place for security when paired with a second encryption protocol. L2TP should never be used on its own because it has no native encryption. This would be a major problem, except it pairs excellently with IPSec (Internet Protocol Security). IPSec is a collection of encryptions and security protocols designed to anonymize and protect data packets from third parties. Because of this, you’ll almost always see this protocol listed as L2TP/IPSec (and if you don’t, that’s a red flag).
Popular VPN software that supports this protocol includes:
L2TP/IPSec is usually faster than OpenVPN but also a little less secure and less stable. However, data sent through this VPN protocol is double-authenticated, a level of security that might be the deciding factor for some users. The biggest downside to L2TP is that it can be blocked by NAT firewalls far more easily than OpenVPN, which makes it inherently less stable. However, if you want a VPN protocol that can run natively on both Mac and Windows, L2TP/IPSec offers a safe, solid choice.
Wait, why are you only listing three VPN protocols?
There are many more VPN protocols, of course, but this article is more of a crash course than an exhaustive list.
Emergency measures if you needed a VPN yesterday
At the moment, you might understandably be scrambling to make sure your employees are working from home securely. You might not have the option to thoroughly research solutions, compare quotes, or consider overall business strategy. If this is the case, try these quick, relatively cheap stopgap solutions to ensure security while you work on longer-term solutions.
Make sure you have other data security measures in place. Even with a great VPN, security vulnerabilities will still exist if you haven’t covered the basics of online security. You may even find that these measures provide adequate security for the short-term situation, giving you breathing room as you figure out your VPN requirements.
- Encourage employees to use a password manager (Chrome and Firefox both have this capability built-in). The goal is to make sure hackers can’t exploit your data because of that one employee who uses the same password for every login.
- Set up two-factor authentication across your organization—because, inevitably, someone is still using their name as their password.
- Give your employees (and yourself) a refresher course on basic internet security and privacy habits. It’s low-effort, but sometimes the smallest measures can make a big difference for overall security.
- Make sure your employees are not using default router passwords and that their home Wi-Fi is not unsecured, as this exposes your network to wardriving cyberattacks.
Look into VPN software designed for individual setup. Many top-notch VPN providers have offerings geared toward the individual user. They design their software to be simple enough that individuals can set them up with little to no intervention from the IT team. While this approach won’t give you a unified business network, it will provide a much-needed layer of security while your employees work from home. Here are some of the internet’s top recommendations to get you started:
- TunnelBear is Wirecutter's choice for best VPN software. TunnelBear is user-friendly and effective for security. TunnelBear for Teams is just as simple to use and lets you manage VPN software for your whole team.
- ExpressVPN is TechRadar's pick for best VPN software. ExpressVPN is scalable, is supported across all major systems and devices, and offers unlimited bandwidth on their servers for good speeds.
- NordVPN is another top-ranking VPN provider. It gives users flexible security that covers them from their work desktop to home laptop to smartphone. Their NordVPN Teams offering supports business needs without sacrificing ease of use.
There are a lot of VPN options out there, and not a lot of time right now to explore them all. If none of these options feels right to you, consult a security expert.
Crash course completed!
VPN protocols aren’t the be-all and end-all of your VPN choice. But knowledge is power, so, hopefully, armed with this knowledge you’ll be in a more powerful position to make decisions on how to best secure your data with an increasingly distributed workforce.
Shortcut is not a VPN provider, but we are where remote teams do their best work. If you're in need of better project management (and you don't already use Shortcut), you should sign-up and give us a try.