A reliable VPN is one of the key components of a small business’ security perimeter. Gone are the days when small businesses could neglect cybersecurity, thinking cyber crooks go after the big fish only. Reality check says otherwise. More than 43% of cyber attacks target small businesses.
Large businesses launched full ahead into the Digital Transformation, Industry 4.0, Internet-of-Things and all that RFID-based gizmo. Small businesses are somewhat slower to transform due to the limited resources. However, forward-thinking entrepreneurs and a large population of agile and highly-flexible startups see the wisdom in taking cybersecurity and privacy seriously. And VPN is an integral part of your corporate security.
Phishing, identity theft, ransomware are just the tip of the iceberg. Sadly, some of the most frequent attacks on small businesses are not even targeted but opportunistic. Opportunistic cyber attacks exploit unwise user behavior, such as connecting to a public Wi-Fi in a hotel, park, Starbucks or even using American Airlines Gogo in-flight Internet connection. This type of attack also leverages vulnerabilities in popular apps, games, and users’ overall latency to install OS updates and patches or enable basic privacy and security features available on their devices.
So, a small business needs to keep the company network, Internet connection, and digital assets secure when working on-premise, or enabling secure access for traveling or remote employees. And VPN is at the top of security tools list alongside end-to-end encryption, two-factor authentication, and a strong password. VPN is an affordable, robust and efficient solution for small business security needs.
I dare say it’s not a question of if a small business needs a VPN, but rather how to choose a good one.
Small businesses comprise a large stratum of entrepreneurs, from not so tech-savvy brick-and-mortar shops to digital start-ups whose staff is made of freelancers working from remote locations in other countries. They are flexible, mobile and almost always limited in resources when it comes to cybersecurity (unless they are in cybersecurity).
IT departments in small companies tend to be an orchestra of 1-2 men with too much work on their plates. The fleet of devices they need to administrate is a mixed bag of BYOD and corporate-owned ones. The level of security awareness among non-tech employees is insufficient to leave them to their own devices when it comes to data security.
Considering common challenges faced by small businesses, here is a brief roundup of the features you might need in a VPN service:
Each VPN provider has great features and brings something unique to the table. While some offer custom plans so that you can scale your subscription as your needs change, others are ideal if you are a small party with telecommuters or remote freelancers onboard.
When choosing, you will certainly focus on what matters most to you – provider’s location and its privacy laws, speed, price or robust encryption. Luckily, most providers on the list offer a reasonable combination of these. If you are still on the fence about what features are paramount in your particular case, read my Guide to Internet Safey. It will give you a better understanding of how VPNs protect your privacy and bypass location-based connection restrictions.
The bottom line is cybersecurity does not have to be a large-scale investment on your part. With due diligence, attention to detail, and expert advice from my modest persona, you can make the right choice.
Switzerland-based VyprVPN combines solid security, great speed, smooth performance and support for almost every platform there is. They deploy a unique Chameleon protocol to scramble metadata and prevent Deep Packet Inspection and offer OpenVPN, L2TP/IPSec, and PPTP protocols.
VyperVPN also offers a kit a caboodle of additional security features such as NAT Firewall, VPN blocking and throttling, and a 24/7 live chat support. Some business plans offer encryption for all employee connections including file transfers, email, and network resources. However, you will have to request a free trial and get in touch with customer support to discover the pricing of these plans, as the two currently listed do not offer many details on the features and perks. However, business customers have the ability to set up a private VPN server.
Panama-based NordVPN has two business plans, with the one-year subscription at $4.5 per month per account. It offers a three-day free trial (no payment details required) and a 30-day money-back guarantee.
The feature set is quite impressive – double data encryption, automatic kill switch, Tor over VPN, double VPN, Smart DNS (geo-spoofing), P2P, Socks5 proxies, DNS leak protection, DNS servers and an ample choice of security protocols including IKEv2 and OpenVPN. The provider does not require company details when you purchase the plan.
Nord supports the major platforms, is polished and intuitive, so if you are more on the privacy-paranoid side, you might as well go for NordVPN.
CyberGhost is a Romania-based VPN provider offering affordable long-term Pro subscriptions with up to 5 devices per each, a generous 30-day money-back guarantee, and conveniently accepts Bitcoin. The service is user-friendly and intuitive; their support is fast, professional and helpful.
They have a slew of additional features such as a P2P, Kill Switch, DNS leak protection, Wi-Fi and App Protection, which allows you to specify which apps get to be VPN-protected, and setup a custom Connection Profile.
It uses HMAC MD5 for hash authentication, which is weak, but the provider is planning to upgrade to SHA-2. Of note is the fact that in 2016, an Android CyberGhost app was found installing a root certificate on client devices. The developer since then released a new version, which does not involve in such dubious activity.
On the bright side, Romania has a pro-privacy stance, is exempt from data retention laws enforced in other EU countries, or mass-surveillance of the Five Eyes. It uses AES-256 encryption and Perfect Forward Secrecy; offers automatic data compression and HTTPS redirect as optional features. The provider claims to keep zero usage logs.
If affordability is your primary goal, you may want to check PureVPN since yearly plans start at just $5 per month. It’s a solid Hong Kong-based service offering a wide range of plans, including customized subscriptions. So you can get a good deal, a dedicated management portal, and an account manager.
PureVPN has many perks such as a stealth browsing mode, two-factor authentication, DDoS protection, online banking security, secure FTP access and more.
PureVPN offers multiple protocols including OpenVPN, L2TP/IPSec, SSTP, PPTP, and IKEv2. My gripe with them has always been the fact that they don’t use Perfect Forward Secrecy, even though AES-256 encryption, SHA-1 (HMAC) authentication, and RSA-256 handshake look solid.
Regarding session logs, PureVPN keeps session – not activity – logs, for troubleshooting purposes and to track user clicks on certain software buttons to track the popularity of features. If you are okay with that, a three-day free trial will help you get a better feel of the UI, speed, and performance, which were rather good in our tests. Also, PureVPN has a seven-day money-back guarantee. Give them a try using the link below!
Israeli-based provider SaferVPN offers excellent customer service, intuitive and good-looking desktop client, mobile apps for iOS, Android, Windows Mobile OS and Blackberry.
The service maintains a no-logging policy, but it records ample session data. SaferVPN offers above-average speeds and supports OpenVPN, L2TP, IKEv2 and PPTP security protocols.
SaferVPN might be a great option if you are looking to provide your employees with a smooth experience when they are working across multiple devices (desktop and mobile). SaferVPN offers a one-day free trial, and then a 14-day money-back guarantee, so you have ample time to make an informed decision before committing to a long-term subscription.
Even though individual users might lack flexibility in Hotspot Shield VPN pricing plans, business users may find that the longer-term business subscriptions are very affordable. For example, a monthly business plan with Hotspot Shield starts at $55 for 60 devices. That’s less than $1 per device. A 30-day money-back guarantee certainly adds confidence while testing the ins and outs for the first time.
It offers a free limited version, which comes with ads and a paywall when it comes to accessing BBC iPlayer, Netflix, and the like services. You may want to try the free version to get the hang of the service before trying a business plan. On a side note, it is a US-based provider with GoldmanSachs as one of their investors. So bear in mind the US data laws, and the fact that it’s a privately-owned provider before committing.
That said, Hotspot Shield uses robust encryption but no Perfect Forward Secrecy and offers an intuitive interface. On the other hand, it has no Linux support, and its Terms of Service are evasive regarding logging. However, the lower-end business plan is ridiculously cheap so small businesses on a tight budget might find it a feasible proposition.