In this article, we’ll cover eight steps you can easily take to secure your network — no matter where your employees are working.

1. Offer reliable, secure hardware and software
2. Require two-factor authentication
3. Instruct your employees to change their home router password
4. Select the right VPN
5. Ensure VPN use
6. Limit access to internal servers
7. Encrypt group calls
8. Protect employee text messaging

We’ve also included an employee checklist at the end of this article to help you guide your remote employees in securing their work.

What are the threats?

First, it’s important to understand what you’re securing your workplace from.

In most cases, you’re simply trying to protect your company from the common cybercriminals who target all of us online to steal personal data for financial gain. They may not actually be singling out your business, but their impact can be huge. Internet scams cost businesses and individuals a combined $10.3 billion in 2022 in the US alone — and likely more, as cybercrime is underreported. 

These include all kinds of attacks, ranging from phishing to ransomware. If a hacker steals your data and demands payment, you may decide you have no choice but to pay. Or if your customers’ personal data leaks onto the dark web, you could be subject to huge fines for violating data protection laws.

Secure your remote workforce

There are multiple ways to mitigate the risks. Many of these start with prioritizing security, both at a management level and in your employees’ habits. We address this in the checklist below. But apart from training and awareness, there are also technical safeguards you can put in place. Here are eight you can work toward right now.

1. Offer reliable, secure hardware and software

Businesses are responsible for their employees’ hardware and software, even when the devices are outside office walls. Employees may choose hardware and software that are ill-suited or not secure for their work if left on their own. While your employees are responsible for following security best practices, expecting them to assess software and hardware security is unfair and unlikely to lead to good results.

Have a security expert, ideally your IT support team, advise employees on what hardware they should choose, including laptops, printers, cellphones, external microphones for remote meetings, etc.

Also advise them on what basic software they need. This includes office suite software, internet browsers, and email clients.

2. Require two-factor authentication

Whether your employees work from home or the office, you should require two-factor authentication (2FA) on all workplace accounts and encourage it on personal accounts. This adds an extra authentication layer when logging in, so even if an attacker steals someone’s username and password, they won’t be able to access the account. 

2FA should be enabled for email, VPN, chat apps, cloud storage, CRMs, and anywhere else your employees access your network. Typically you can require 2FA from your administrator settings.

3. Instruct your employees to change their home router password

Personal home routers usually come with a default password printed on the bottom. Many people never take the time to change these passwords, making their routers vulnerable to hacking. Make sure your employees change and save their router password, just like they would manage any passwords in the office (using the password manager that you have provided them).

4. Select the right VPN 

As a company with a remote workforce, you need a high-quality VPN, or virtual private network. A VPN will protect your employees’ privacy and security no matter where they are connecting to the internet. We developed Proton VPN for Business specifically to address the most critical security needs of small- and medium-sized businesses.

Here is what to keep in mind when selecting a VPN:

• High speed — Don’t settle for a VPN that slows your remote workforce down. Proton VPN for Business’s VPN Accelerator technology uses advanced networking techniques to reduce latency, cut down on protocol inefficiencies, and overcome CPU limitations. Plus, all Proton VPN servers have a minimum of 1 Gbps bandwidth, with 10 Gbps servers available if you need them.
  
• Secure VPN protocols — Business VPN servers should not support the PPTP and L2TP/IPSec VPN protocols as they aren’t secure. At Proton VPN for Business, we only use the VPN protocols known to be secure. These protocols are WireGuard, OpenVPN, and IKEv2.
  
• Strongest encryption — Your remote workers’ security is only as strong as their VPN’s encryption. Proton VPN uses the strongest encryption possible: AES-256 or ChaCha20 for network traffic, 4096-bit RSA for exchange keys, and HMAC with SHA384 for message authentication. Additionally, all our cipher suites use perfect forward secrecy, meaning we generate a new encryption key every time your employee connects to the VPN.
  
• Network protection — Proton VPN for Business’s Secure Core servers are in hardened data centers in Switzerland, Iceland, and Sweden, protected with full disk encryption. Proton is also protected by some of the strongest privacy laws in the world since it’s a Switzerland-based company. That’s why we can maintain our strict no-logs policy.
  
• Open source and audited — Only trust a VPN that is transparent and independently audited. Our Proton VPN apps are 100% open source. On top of that, we regularly commission independent, professional audits and publicly publish the full results.

5. Ensure VPN Use

No matter how advanced your VPN is, if your employees struggle to use it or avoid using it, that VPN is not valuable. 

To ensure VPN use, enable the Always-on and kill switch features that your VPN provider should offer. The Always-on feature ensures your employee’s device always connects to the internet through the VPN server. If that secure connection is lost for any reason, the kill switch feature kicks in and stops traffic to keep your employee safe.

Another common reason remote workers avoid working through a VPN is that they get blocked from websites that interpret them as threats. Proton VPN’s alternative routing technology allows your employees to bypass most firewalls and VPN blocking methods so they can go about their work unimpeded.

6. Limit access to internal servers

Even if you’re a small business, not all employees need access to all internal resources and databases. This kind of access can be especially dangerous if workers are remote. Set up your VPN to control access permissions.

As the admin of the VPN, you can assign an employee or group of employees to one or more dedicated VPN server IP addresses (also known as ‘gateways’) based on what you want them to have access to. Through this segmentation system, your company’s internal server(s) will recognize and allow access requests from the VPN servers you have configured for that permission, rejecting all requests from any other VPN or regular internet servers.

Beyond giving you flexible, granular control of access, this adds an additional layer of protection: Even if a bad actor obtains the username and password to an internal server resource, they will not be able to access it because their device will not be using the assigned VPN server.

7. Encrypt group calls

With remote work comes remote meetings. Make sure you are protecting those meetings.

Wire is a group audio and video conference platform that utilizes zero-knowledge encryption similar to the model we use in Proton services. It can host up to 100 users in a meeting at the same time. It is independently audited and open source.

8. Protect employee text messages and emails

Remote employees are more likely to text and email each other than in-office employees are. As a business, you need to protect that remote work product too. 

Signal is considered the most secure messaging app. It end-to-end encrypts one-on-one messages as well as group messages. It works on both Android and Apple phones, as well as Linux and Windows setups.

Proton Mail is our email service and the largest end-to-end encrypted email provider in the world. It offers advanced features like expiring and Password-protected Emails, encrypted search, and productivity features like snooze.

Remote employee security checklist

People are usually the weakest link in the security of any system, including your organization’s network. Phishing attacks are designed to take advantage of this fact. To mitigate this, we recommend regular security trainings and reminders.

Below is a security checklist you can share with your employees and modify to suit your workplace as needed.

Use your work device securely

• Keep non-essential applications off your work device and secure it when not in use, even at home.
• Lock your device screens with strong passwords any time you are not using them.
• Report lost or compromised devices immediately to ensure sensitive data is secured.
• Turn off Bluetooth if you’re not actively using it.

Data encryption

• Encrypt the hard drives of your work devices to safeguard sensitive data.
• Activate encryption systems on Android, iOS, macOS, and Windows devices and securely store the recovery codes.

Encrypted communications

• Use Proton Mail for private and secure communication.
• Set expiration dates for sensitive messages to enhance privacy.

Update your software

• Keep all operating systems, programs, and applications up to date. New software versions often contain patches for security vulnerabilities.

Strong passwords

• Use strong, unique passwords (at least 16 characters) for each account.
• Utilize a reputable password manager for password management.

Two-factor authentication

• Enable 2FA on all accounts to add an extra layer of protection.
• Use an authenticator app such as the one built into Proton Pass rather than SMS or other less secure forms.

Secure network access

• Avoid sending sensitive information through unsafe external applications.
• Connect to your work computer through a VPN with secure protocols for added security.

Secure home WiFi network

• Change the default password on your home WiFi router to a strong, unique one.
• Enable encryption, preferably WPA2, on your home WiFi to prevent unauthorized access.

VPN usage

• Connect to your company’s VPN when accessing company resources.

Video conference security

• Ensure no sensitive information is visible during video conferences or screen sharing.
• Password-protect all conference calls to prevent unauthorized access.

Stay alert for social engineering and phishing attacks

• Never click links, download attachments, or scan QR codes from unknown or unexpected senders.
• Refrain from sharing screenshots of video conferences or sensitive information on social media.

The post 8 tips to secure your remote workforce (plus an employee checklist) appeared first on Proton VPN Blog.

There are a few reasons they may do this:

• To improve the security of office networks
• To prevent customers, students at educational institutions, or anyone who uses a public WiFi hotspot from accessing illegal or undesirable content
• To improve productivity among staff members by restricting access to social media

In this article, we’ll dig deeper into why organizations use content filtering and how they implement it. 

• Why use content filtering?
• How does content filtering work?
• Other reasons for content filtering

Why use content filtering?

A business or organization may implement content filtering for a number of reasons. It’s commonly employed to enforce policies related to acceptable use, security, and compliance in various contexts, such as homes, schools, workplaces, and public networks.

Security

Content filtering helps to protect networks and systems from malware, viruses, and other security threats by blocking access to malicious websites and content. It can prevent employees from inadvertently downloading or accessing harmful files, and also protect them from phishing scams.

Acceptable Use

Many (if not most) organizations have acceptable use policies (AUPs) that govern how their network and internet resources can be used. For example, most companies don’t want staff using their office WiFi networks to access NSFW, offensive, discriminatory, or harassing  content.

Content filtering can enforce these policies by blocking access to websites and content that violate the AUP.

Public WiFi

Similarly, businesses that offer public WiFi services, such as cafés, airports, and hotels, use content filtering to ensure the security and safety of their customers, while preventing access to illegal or harmful content.

This is also true of universities, schools, and other educational establishments, which often impose stricter restrictions on their networks than commercial businesses do.  

Increased productivity

Organizations sometimes use content filtering to increase workplace productivity by restricting access to non-work-related websites, such as social media, gaming, and streaming platforms. 

The aim is to help ensure that employees stay focused on their tasks, but when everyone can trivially access such services on their smartphones, it’s questionable how effective such tactics are. 

Compliance

Businesses often use content filtering to ensure they adhere to industry regulations, legal requirements, and internal policies. This can include complying with data protection regulations such as HIPAA, GDPR, or CCPA by blocking staff from sharing sensitive information via email or other communication channels.

Content filtering can also be used to help ensure compliance with industry-specific regulations. For example, a financial institution might be subject to regulations such as the Sarbanes-Oxley Act or the Payment Card Industry Data Security Standard (PCI DSS), which require strict controls on data access and storage. Content filtering can help enforce these regulations.

Another aspect of compliance is record keeping and auditing. Content filtering solutions may provide logs and reports that can be used for auditing and compliance verification. These records can be critical for demonstrating that an organization is taking the necessary steps to meet its compliance obligations.

Bandwidth management

Content filtering can be used to manage network bandwidth more efficiently by prioritizing business-critical applications and limiting access to bandwidth-intensive activities such as video streaming.

How does content filtering work?

Content filtering can be implemented in various ways. The exact method used will depend on an organization’s needs (and it may use multiple content filtering techniques).

DNS filtering

The Domain Name System (DNS) maps human-readable domain names to their corresponding IP addresses (for example: protonvpn.com to 185.159.159.140). DNS filtering prevents DNS queries for blacklisted domains from being resolved. 

Learn more about how DNS works

In addition to web content filtering, DNS filtering can help protect organizations from malware and phishing threats by blocking access to known malicious domains. It can prevent users from inadvertently visiting websites that distribute malware or host phishing scams.

DNS filtering can also be used to block access to ad servers or domains known for delivering online advertisements. This helps reduce the number of ads displayed when browsing the web, thus providing a better experience for users.

Proton VPN offers a DNS filtering tool on all platforms called NetShield Ad-blocker that can block ads, malware, and trackers.

Learn more about NetShield Ad-blocker 

URL filtering

URL filtering is similar to DNS filtering, except that it blocks content based on its web address. This allows more fine-grained control than DNS filtering, as it can be used to block specific pages on a website, rather than the entire website. However, it’s less useful for blocking other content, such as malware and ads. 

Keyword filtering

Filtering content based on specific words or phrases is useful for blocking access to particular types or categories of websites, such as those which host gambling or adult content.

Whitelisting

Some organizations block access to all web content that can be accessed using company resources except for a predetermined list of “whitelisted” websites. This is usually done for security reasons. 

Content analysis

This is a fairly new type of content filtering that uses machine learning (AI) algorithms, such as natural language processing and image and video recognition, to analyze the content of websites and then implement blocks based on that analysis. 

Content analysis allows for much more nuanced content filtering than the traditional whitelist/blacklist approach. For example, AI content analysis filtering could tell the difference between an adult website and a website that offers sexual health advice.

However, there are numerous privacy and ethical concerns related to AI content analysis. These can be addressed with effective and responsible human oversight, but achieving the right balance between automated content analysis and human judgment remains a challenging issue. 

Other reasons for content filtering

Although the focus of this article is on organizations, such as businesses and educational facilities that use content filtering, it’s worth noting that content filtering is also used in other contexts.

Government censorship

Authoritarian governments around the world block their citizens’ access to content for political, social, or social religious reasons. As well as the kinds of content filtering listed above (often as the ISP level), governments use their power to execute additional types of content filtering.

Search engine blocks — Governments can pressure search engine providers to remove content they object to from search results.

Deep packet inspection (DPI)  — This is a method of examining data packets that pass through a network so that the traffic type can be identified. 

• Learn more about internet censorship and how it works
• Learn more about deep packet inspection

Parental control

A popular use of content filtering is by parents who wish to moderate what their children can access on the internet. Although traditionally performed by “net nanny” software, over recent years there has been a major shift toward using online software as a services (SaaS) solutions for this purpose. 

Final thoughts

There are many good reasons for organizations to perform content filtering. Moving forward, it’s likely that artificial intelligence will play an increasingly important role in this, so it’s important for companies to develop effective and ethical ways to safeguard the privacy of their staff, customers, or students. 

There is also the risk that authoritarian governments will abuse this power to restrict their citizens’ freedom. However, with Proton VPN for Business, you can evade such restrictions, allowing your organization’s staff unhindered to access the free and open internet. 

Learn more about how your business can benefit from using a VPN
[Get Proton VPN for Business]

The post What is content filtering? appeared first on Proton VPN Blog.

An lP address is a number that uniquely identifies every device that connects directly to the internet (where devices connect to the internet via a router/modem, for example, the IP address is that of the router).

Learn more about IP addresses

Most ISPs dynamically assign IP addresses, issuing new ones as required. In practice, IP addresses issued by ISPs don’t change very often, but they can change at any time. 

Although not a major problem for most domestic customers, this can be very inconvenient for businesses who operate resources that must be accessible from the internet — such as corporate VPN intranets and database servers. Users of these resources need to know the IP addresses on which these resources can be accessed.

Some ISPs offer dedicated (also known as static) IP addresses to business customers. These provide companies with one or more fixed IP addresses that are guaranteed to be the same for as long as they maintain the lease.

• How datacenters and VPNs handle IP addresses
• Benefits of a dedicated IP address
• Proton VPN for Business

How datacenters and VPNs handle IP addresses

Datacenters house banks of servers and then rent use of these servers to mainly business customers. To make these servers accessible to their customers from the internet, datacenters lease dedicated IP addresses from their ISPs.

To offer their services in many countries, commercial VPN services rent server space from third-party datacenters. (In Proton VPN’s case, we only always use bare-metal servers that we have complete control over, and use full-disk encryption so that only our own engineers can access their contents). 

Most VPN services, (including Proton VPN) use shared IP addresses, which means that often hundreds of customers at a time connect to the same IP address. If the VPN service uses bare-metal servers (as they should be), this will be the IP address of the server itself. 

Shared IP addresses are great for privacy, as it makes it harder to identify an individual who is connected to that IP address. Unfortunately, it’s not so good for businesses who want the privacy and security advantages a VPN can provide for their organization, but who also need their company resources to be available from the internet.

To address this problem, some VPN services offer dedicated IP addresses. Like the dedicated IP addresses offered by ISPs and datacenters, these don’t change for as long as you lease them and allow you to access company resources from the internet.

Benefits of a dedicated IP address

There are numerous of benefits for businesses to lease one or more dedicated IP addresses:

Secure remote access to your business servers

With a dedicated IP address, you can ensure that only authorized staff can access your company servers and resources. Anyone trying to access your servers must be connected to a special VPN server dedicated solely to your business and available only to your organization members.

This is particularly useful if your company employs remote workers, as it allows them to securely access company resources while working from home. 

Segmented access to your online resources

Traditional dedicated IP addresses allow you to access resources that your company hosts on its own servers or on server space rented from a datacenter. 

An advantage of using dedicated IP addresses from a VPN service such Proton VPN is that you can use dedicated IP addresses to restrict access to third-party online resources such as cloud storage services, online communication and collaboration platforms, CRMs, HR management tools, and more. 

Further, the flexible nature of VPN-based dedicated IP addresses allows you to provide granular segmented access to your company’s online resources. That is, you can restrict access to resources based on dedicated IP addresses that only certain staff members can access.

For example, you might run a company that leases three VPN-based dedicated IP addresses. All staff members can use server #1 to access commonly used company resources such as your CRM and collaboration platforms. Only some staff members can use server #2, which provides need-to-know access to specific company resources, and only senior staff members can access server #3, allowing them to see staff management tools and other sensitive resources. 

Pain-free access to online services

If you use a VPN service to protect the privacy of your staff members, the use of shared IP addresses can make using online services such as banks, AWS, and Github difficult because they will continually serve up CAPTCHAs or use other means to verify your identity. 

This is because shared IP addresses can be abused by other customers. Dedicated IPs solve this problem, since your IP address isn’t shared with anyone else.

Emails are less likely to be sent to the spam folder

Another problem with using shared IP addresses is that there’s always the possibility other users will abuse the VPN service to send spam emails. 

When email services like Gmail detect the abuse, they often simply blocklist the IP address the spam emails were sent from so that they get sent directly to their users’ spam folders. 

Alternatively, the email service may employ additional checks to ensure emails from the shared IP are legitimate before allowing them to find their way into users’ inboxes. This can dramatically slow down the delivery of emails.

With a dedicated IP address, you can be sure none of this will happen. Only emails belonging to your company will be sent using your dedicated IP address, so there’s little danger of it being flagged as suspicious or spam. This means it will be delivered promptly and directly to your partners’ and customers’ inboxes.

Helps to defeat censorship

If your company or organization is based in an authoritarian country, restrictions on your access to the free and open internet can damage your business. In such situations, it’s common for businesses to use VPN services to evade the restrictions, but this often simply leads governments to block IP addresses belonging to VPN services.

A dedicated IP address that is unique to your business is unlikely to be blocked in this way, allowing your staff to have the unrestricted access to the internet that their jobs demand, and for the outside world to do business with your company. 

Final thoughts — Proton VPN for Business

Proton VPN is trusted by journalists, activists, and ordinary people around the world to protect their privacy and defeat censorship. With our new Proton VPN for Business initiative, you can also protect your business using our service.

With Proton VPN for Business, you can lease VPN-based dedicated IP addresses that provide much greater flexibility than traditional corporate VPN intranet solutions. In addition to allowing remote workers to security access your company’s resources, these allow you to secure access to the online platforms your company relies on, and to segment access to resources on a need-to-know basis. 

The post What is a dedicated IP address and how can it help your business? appeared first on Proton VPN Blog.

However, VPNs were originally developed to let remote workers securely access corporate intranets as though they were physically connected to their office’s local area network (LAN). 

This setup has become less common as businesses shift to more flexible cloud services and online tools. Instead, business VPNs have evolved into services that offer dedicated IP addresses.

Many businesses also find it very useful to provide individual VPN subscriptions to their staff to ensure they can access the internet privately. In this article, we’ll explore why many businesses use VPNs.

There are basically two ways a business can use a VPN:

• Provide staff with VPN subscriptions
• Use dedicated IP addresses

These uses are by no means exclusive. Your business can protect staff members’ privacy with bulk VPN subscriptions and provide secure access to company resources via dedicated IPs. 

The advantages of bulk VPN subscriptions

Bulk VPN subscriptions for businesses work exactly like the individual VPN plans you can buy from commercial VPN services. This allows staff who are remote, hybrid, or traveling to securely connect to any VPN server located anywhere in the world. 

Providing staff with VPN subscriptions gives them all the usual privacy benefits of using a VPN. A VPN’s ability to bypass censorship and access the internet using different countries’ IP addresses can be particularly beneficial in a business context, especially if you have an office or staff in a country that restricts internet access.

Bypass censorship

Staff located in countries that restrict internet access can use a VPN to access the free and open internet. This is useful because it allows employees to bypass biased local narratives and understand how situations are viewed by the international community. 

In places such as China, Russia, Belarus, access to external news sources such as the New York Times or The Guardian is blocked. This can severely restrict staff in PR or other roles that require access to news sources outside their country to do their jobs properly. 

A VPN allows staff to bypass censorship blocks and access news sources as if they were in the news sources’ country of origin.  

Bypass geo-restrictions

VPNs allow businesses to overcome geographical restrictions to access region-specific content and services. With a VPN, staff can connect to servers located in different countries, making it appear that they’re accessing the internet from those locations. 

This can be useful for market research, competitor analysis, and accessing localized business resources.

The advantages of dedicated IP addresses

A dedicated IP address is an IP address that only your organization can use. This means:

1. The IP address will always be available to your business
2. You don’t share it with anyone else

Learn more about dedicated IP addresses

Because the IP address belongs exclusively to your business, it offers several important and unique benefits.

Secure remote access to company resources

Dedicated VPN IP addresses allow you to restrict who can access company resources, files, and applications from remote locations. They act as secure gateways so that only authorized personnel you supply with the correct IP address can access your company’s resources. 

Whether working from home, traveling, or on-site at a client’s office, your staff can establish a VPN connection to your corporate network, effectively extending your company’s private network to their device.

This enables seamless access to internal systems and promotes productivity without sacrificing security.

Segmented access to company resources

Dedicated IP addresses also give you the flexibility to decide who can access which company resources. Employees and contractors can be given access to different VPN servers that have different IP addresses, allowing you to provide granular access to content and apps based on their roles within your organization. 

Improved collaboration

This segmented access to company resources can be used to facilitate secure collaboration between business partners, clients, and remote teams. By setting up one or more dedicated IP addresses, you can grant controlled access to network resources, ensuring secure data sharing and collaboration while maintaining privacy and security standards.

Added protection against cyberattacks

A dedicated IP address adds a layer of defense against denial-of-service (DoS) attacks by obscuring the actual IP addresses of your company’s resources.

Data privacy compliance

Many businesses must protect customer information to comply with data privacy regulations, and the thresholds they have to meet can be affected by their size, industry, and the country (or countries) they operate in. Examples include the General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the USA. 

Dedicated IPs can assist a business in meeting (or even exceeding) these requirements by securely restricting access to data to those authorized to access it.

Final thoughts

Here are some specific examples of how businesses use VPNs:

• A financial services company that uses a VPN to allow customers to securely access their personal information online.
• A law firm that uses a VPN to allow its lawyers to securely access client files from anywhere in the world.
• A retail company that uses a VPN to allow its employees to access the company’s inventory system from home.
• A marketing company that uses a VPN to localize consumer product research.

Proton for Business plans allow you to protect your staff’s privacy with bulk VPN subscriptions and reserve dedicated IP addresses that you can use as doors to securely access your business’s resources and data.

In addition to the benefits of using a secure no-logs VPN, Proton for Business plans provide your company access to Proton Mail, our world-famous secure email service, plus end-to-end encrypted cloud storage and calendars.   

The post Why use a VPN for business? appeared first on Proton VPN Blog.