Network Security

Ransomware Has Gotten So Bad, It’s Aligned with Terrorism

Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.

How Much Worse Has Ransomware Gotten?

Let’s look at this somewhat casually. 

Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.

The dangers that such ransomware attacks pose cannot be understated, and no business is truly safe. The White House recently said as much in their warning to companies in regards to their cybersecurity preparations.

This is Why the US Justice Department is Speaking Out

Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are… all stops taken out in terms of what tools are used.

Other Governing Bodies are Following Suit

Likewise, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.

Ransomware Threats are Also Getting Worse

In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.

1. Use ransomware to encrypt a targeted system

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced with relatively minor cost to the business. This is one of the many, many reasons we always recommend a business to keep a backup squirreled away.

Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:

1. Steal data from a system, using ransomware to encrypt it after the data has been harvested

2. Threaten to delete all contents of a targeted system if a ransom isn’t paid

3. Profit

4. Threaten to leak or sell the stolen data unless a second ransom is paid

5. Profit again

This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.

So, if keeping a backup no longer helps to squash the entire threat, what can a company do?

How a Business Can Resist Ransomware

First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can more effectively prevent ransomware by reinforcing its password security and user management.

By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.

Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.

While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.

 

Four Considerations for Your Business’ Security

Millions of people find themselves sitting in front of a computer moving files around and corresponding with people over the phone, through email, or updating info in the company’s line of business app. What many of them don’t know, however, is that, at any time, they are only a couple of clicks away from causing major problems for their company. This is why it is extremely important to train your staff on what to look for and how to address those situations when they do arise.

To understand the desperate nature of this issue, you simply need to look at the global statistics. According to the Internet Society’s Online Trust Alliance (OTA), 2019 saw losses of over $52 billion as a result of cyberattacks, of which roughly 95 percent could have been avoided through simple, common sense actions and procedures. Additionally, these figures are expected to grow rapidly in the future.

That’s why it is essential that your business, aside from your dedicated network and cybersecurity strategy, comes up with a plan on how to properly train your staff with procedures that won’t stymie your business’ ability to be productive. How you go about doing that is up to you, but this month we thought we would share a few strategies on how to effectively get this done.

Get Your Employees to Understand

Educating a bunch of people (who don’t work in security) to learn about something as yawn-inspiring as network security isn’t impossible, but it takes a little creativity. If someone can relate to a victim, it’s easier for them to do things they wouldn’t typically do because they don’t want to be responsible for another. Use real world examples in your education materials. Chances are many of them have been the victim of identity theft or they’ve had their data leaked as a result of negligent behavior. Show them that many of the things they can do to protect the company are things that they already do to protect their own data. 

Create a Culture of Security

If history has taught us one thing about people, it is that people are impressionable. If they are constantly surrounded by a certain message, they will typically accept that message. Creating a company culture that is rooted in security will do a lot of the heavy lifting for you. If your company consistently pushes the need for comprehensive security, you better believe that most of your staff will get the message loud and clear.

Keep Training Consistent

Pushing security can go a long way, but without training that is designed to educate exactly what problems are being addressed by the procedures that are put in place, the whole thing is completely pointless. Employees need to understand:

● How to avoid becoming a victim of phishing

● What network resources they have access to

● The importance their role has in protecting company and customer data

● Solid password management and best practices

● What to do if they do make a security mistake

If every employee you have has a good handle on these five concepts, there likely won’t be a network security disaster coming from your staff in the near future.

Lead By Example

Obviously, in the average employee’s mind, network security, like physical security, is nothing they are inherently concerned with. If they follow procedure, there should be no problem. They figure that decision makers take the time and effort to address these issues and deploy the systems that are needed to protect the business. Not only that, many workers consider workplace security a C-suite issue. Firewalls, antivirus, multi-factor authentication, mobile device management, and intrusion detection are largely looked at in the same way as digital surveillance, access control, printer management, and a slew of other security systems that are controlled by people outside their expertise. In fact, many people look upon these systems as ones that serve to protect the business from them rather than working to protect the business.  

Leading by example means that you do the right things and expect that your team follows suit. Being more supportive than demanding is a good way to start. People that aren’t that strong with technology won’t always get it. Unfortunately, it only takes one instance to really create problems, so they must. Instead of being frustrated at their lack of understanding, create documentation and resources that will help them. Work with them to make them understand just how important it is that they need to follow these procedures. They don’t need to understand the workings of complex IT systems, they just need to avoid the big mistakes that could cause major problems for the company. 

At Jackson Thornton Technologies, we can help your business put together a plan to help you protect your business from end to end. Our IT professionals can help you put together procedures and a training plan that will give your business the resources it needs to stay secure. To learn more, call us today at 334-834-7660.

 

 

 

 

Cybersecurity Lessons to Be Learned from the Colonial Pipeline Attack

Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which has created significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. On top of this, the attack seems to have set off bigger infrastructural changes in the political space.

Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.

The Colonial Pipeline Situation

On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.

For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats to provide them to other groups with their support.

In response to this threat, Colonial Pipeline quickly halted its operations… and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Despite stating that there were no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that the company did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.

This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.

Ransomware-as-a-Service is a Serious Threat

Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.

This is serious, simply because it can significantly lower the barrier to entry that cybercriminals face when implementing ransomware, making it a feasible attack vector for more of them to put into place.

Double Extortion Makes Ransomware Even Worse

You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.

It’s the fact that this attack was using the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry that is being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands are paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.

Events Like These Will inspire Cybersecurity Improvements

Partly in response to these events, U.S. President Joe Biden signed an executive order intended to boost the cybersecurity protections in place surrounding critical infrastructures for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well at the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening with higher frequency than ever before, it will be far more critical for businesses to consider these improvements crucial to their continued survival.

Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. Jackson Thornton Technologies can be that resource for you. Give us a call at 334-834-7660 to start a conversation about what we can do for you.

 

Cyberattack Discovery Time is Decreasing (But This Isn’t All Good News)

Research has revealed that cyberattacks are spending decreasing amounts of time on their targeted networks before they are discovered. While this may sound like a good thing—a faster discovery of a threat is better than a slower one, after all—this unfortunately is not the case.

Let’s explore this trend, and what it implies for your cybersecurity.

Understanding the Concept of Dwell Time

Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days.

So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was.

On the surface, this sounds great… and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren’t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited… right?

As much as we’d like to wrap this blog up right here and say “Right, and here are some best practices to follow…” we can’t. The situation is just a bit more complicated, and those complications are important.

The Shifting Threat Landscape Plays a Role

Here’s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks—more specifically, the type of attacks commonly being used—has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020.

Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days.

So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly.

Ransomware Has Gotten Worse

Unfortunately, a business’ troubles don’t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called “multifaceted extortion”—where the attacker threatens to also publish the data they steal if payment isn’t made.

Other Attacks Are Still Prevalent, Too

Businesses still need to worry about other methods of attack as well. For instance, exploits (codes that take advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business’ network. They’re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence.

Other commonly used tools included misused tools meant to provide security teams with the resources needed to run their evaluations. These backdoors were found in 24 percent of incidents. Moreover, privately-developed malware—the kind that makes responding to a security incident more challenging—was seen in 78 percent of attacks.

This Is All Concerning, So Your Business Needs to Prepare Accordingly

How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different.

If you’re finding this to be a lot to deal with, you aren’t alone—and you don’t have to be to attend to all this, either. Jackson Thornton Technologies and our team of experts can help you ensure that your business’ network is fully secured and monitored against threats of all kinds. To find out more about what we can do, check out some of the services we offer and give us a call at 334-834-7660.

 

 

Cybersecurity Tools Every Business Should Have

We typically like to remind people as much as we can of the importance of staying up-to-date with your organization’s cybersecurity. There are plenty of things you can do to strengthen your grip on your network. This month we thought we’d go over some of the solutions we offer to help our clients secure their network and infrastructure. 

Your Network Security

To protect your network, you need to ensure that you have the proper solutions in place. Between network security appliances, virtual private networking (VPN) clients, and firewalls, any potential points of egress can be covered against issues.

These defenses will help to minimize the number of threats and other risk elements that enter your network. Once coupled with the following solutions provided by Jackson Thornton Technologies, you can know that your business data and network security are strong. 

Network Monitoring

In case any threats do manage to breach your defenses, you need to ensure that you are able to detect and identify them. By equipping whatever IT management resource you have with the tools to keep an eye on your network and its health, your security will be improved through vigilance. This is one of the best-known advantages of enlisting a managed service provider, as an MSP will take it upon themselves to proactively work to prevent threats by keeping an eye on your technology infrastructure and its health.

Mobile Device and Endpoint Management

As many people are working remotely, especially nowadays, the capability of your business to retain some control over its data is a necessity. Utilizing solutions like mobile device management and endpoint management can give you this control, enabling you to dictate the data and applications that these devices can access. This way, you can better ensure that your data is protected, and your resources are secured.

Security Training and Management

Of course, you also need to be sure that your team knows how to protect your business to the best of their ability, and that they understand how to respond to any threats that make their way in. This will require you to evaluate your team’s preparedness and test them in simulated events to ensure that they are able to protect your business. You’ll also need to figure out how to meet the compliance standards that your industry is beholden to, specifically in terms of the security that is demanded for you to uphold.

Threat Management and Detection

Finally, you need to do everything you can to minimize the amount of threats that materialize and catch those that have slipped by. Using the solutions available today, you can reduce the amount of threats that darken your door in the first place. There are also tools that can help you to locate any threats that have slipped past your defenses so that they can be mitigated.

Jackson Thornton Technologies is ready to assist you in implementing these solutions. To get started, reach out to our team by calling 334-834-7660.

 

 

 

 

SolarWinds Hack - Everything You Need to Know About The Largest Cyber Attack of All Time

True to form, 2020 has given us a final parting gift: the news that the United States was targeted this year by the biggest cyberespionage attack ever. Let’s go into the ramifications of this attack, and what it should teach us going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

● The U.S. Department of State

● The U.S. Department of the Treasury

● The U.S. Department of Homeland Security

● The U.S. Department of Energy

● The U.S. National Telecommunications and Information Administration

● The National Institutes of Health, of the U.S. Department of Health

● The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

While we likely will not know how deeply this threat went for some time, you can at least be sure that Jackson Thornton Technologies is here to help keep your IT as safe as possible. If you have any questions for us regarding your business’ technology, do not hesitate to give us a call at 334-834-7660.

 

 

How to Monitor Your Employees’ Activities without Crossing Any Lines

Of all the contentious topics in the workplace, employee monitoring is among the most divisive. As an authority figure in your business, it is only natural that you would want to make sure that your team is working diligently—especially as they are working remotely. That being said, there are some lines that cannot be crossed you should be aware of. Let’s discuss the concept of monitoring your employees and what cannot be done.

Monitoring Your Team Without Telling Them

For starters, you can’t just start monitoring your team without informing them and obtaining their consent. This is generally illegal, and therefore should be avoided at any and every opportunity. The basic rule of thumb is this: unless you have a valid and legitimate reason to suspect an employee of acting out and are actively investigating their behaviors, you are not cleared to utilize monitoring software without informing your team that it is in place.

Therefore (as obvious as this point may be), don’t do that.

What you should instead do is be transparent with your team. Let them know that their systems will be monitored, what it is that will be monitored, and—this is the really important part—why you are monitoring their computers at all. Maintaining this level of transparency will be important to keep your team comfortable with the thought of being monitored, while you enjoy the security benefits of keeping your fingers on the pulse of your business.

Monitoring Your Team, Outside of Work

Remote work has added an extra wrench into your considerations, as it obviously gives your team an increased level of access to their work devices. So, if you no longer have simple access to and control over these devices, it makes sense that you would want to continue monitoring their computers even after regular working hours.

Here’s the problem with that: who is to say how your employees are going to use their work devices after the work day has ended, and what kind of data could you inadvertently capture through your monitoring solution? Even if it happened by accident, you could wind up capturing the access credentials to one of your team member’s bank accounts, potentially putting you in hot water legally. There are a few different methods that you can use to avoid this, ranging from banning your employees from using work devices for personal reasons to giving your team members the ability to switch off their monitoring while using or accessing personal information.

Monitoring Your Team, For the Sake of Monitoring Them

Finally, you need to have a direct reason for monitoring your employees’ activities. Whether you’re trying to identify data leaks or resolve inefficiency in your processes, monitoring can be used to help collect the information you need. However, if you want to implement a monitoring solution simply to ensure that your team members are working diligently, you need to pause and reconsider.

A good rule of thumb to follow, in terms of employee monitoring, is that there always needs to be a specific goal that serves as the purpose for monitoring your team in the first place. Otherwise, you could be on shaky ground. Using it strategically, employee monitoring can bring you significant operational benefits.

With the right strategy, considerable benefits can be brought to your operations through the right technology solutions. Jackson Thornton Technologies can help. Find out how by calling 334-834-7660.

 

 

Four Key Components of Successful Network Security

Nowadays, a business’ network security needs to be amongst its top priorities if it is to have any chance of operating without undue risk of data breaches and other incidents. Admittedly, managing this sounds like a Herculean task, but a few relatively simple implementations can help give your security a considerable advantage as you lock down your business’ future. Here, we’ve reviewed four such areas you need to focus on.

Patch Management

Software is notoriously imperfect, as indicated by the constant updates and patches that are rolled out for different titles and platforms. Cybercriminals are highly motivated to identify these imperfections and take advantage of them to achieve their own ends. As a result, the importance of promptly installing these packages is elevated to help avoid experiencing the ill impacts of such threats.

Many businesses will only patch after testing the update (if they manage their patches at all). While this isn’t necessarily a bad policy, it is crucial that this process happens as quickly as possible to avoid exposing you to more risk.

Device Control

To state it plainly, you need to have some level of control over the security of any and all devices that connect to your business’ network—regardless of whether they belong to the company, or if they are privately owned. This will help to ensure that vulnerabilities aren’t making their way into your business by piggybacking in on devices that may have connected to an insecure network.

As more people than ever are also taking advantage of remote work, you should also make sure that your employees are able to securely access the resources they require to successfully complete their responsibilities. Again, the networks they use at home aren’t likely to be as secure as the one your business relies on should be. Implementing the use of virtual private networking to facilitate secure remote work should be considered a must.

Benchmark Comparisons

It is also valuable to know A: which solutions you are currently using and B: how well your security best practices line up to what can be considered acceptable. This can be accomplished by contrasting your own with the levels that have been previously established.

With the information and data gleaned from such assessments, you will be better able to identify your most pressing security shortcomings and resolve them accordingly.

Identity Management

Of course, we can’t discuss network security without also bringing up the idea of controlling access to data based on a user’s role and associated need for the data in question. After all, someone in one department may have no need for the very same data that another department finds absolutely essential. Even more pressing is the fact that you need to ensure that only authorized users can access the network and its stored resources at all.

Many security experts have shared opinions about how best to do so, and the modern consensus is swiftly migrating away from relying solely on passwords for authentication. Instead, a shift to multi-factor authentication—where an additional proof of identity is required—has become the prevailing wisdom. This can range from implementing time-sensitive generated codes into your authentication processes, to providing your users with a hardware-based security key that will provide them with access.

Are you looking to improve your company’s network security?

Jackson Thornton Technologies is here to help. Our experts have the expertise gained from years of experience to evaluate your IT infrastructure and its protections to make recommendations as to the best improvements to make. Reach out to us at 334-834-7660 to learn more.

 

Are VPNs Really Secure?

We’ve not been shy about promoting the use of VPNs (virtual private networks) as a means of protecting your security while you are online. However, we wanted to take a bit of time to specify what a VPN can - and cannot - do to help you.

Understanding What a VPN Is

A VPN is a tool that enables you to encrypt your internet traffic.

An analogy that can be used to describe a VPN is that of a subway, as compared to a street on the surface. Let’s say that you’re traveling from point A to point B. If you choose to ride in a car on the surface, you are visible to anyone who might be on the street as well. Not only can people see who is in the car, they can see where the car is going. This is what the “typical” Internet connection is like, as far as your Internet traffic and information are concerned.

On the other hand, using a VPN is more like using the subway. When you ride the subway, someone on the surface may be aware that there is a subway traveling below them, but they cannot see it inside its underground tunnels. More importantly, they cannot see you in it. This lines up to how a VPN works: by encrypting your data and identity while in transit across the Internet, everything you do is hidden from hackers and even your Internet Service Provider.

This is commonly used, especially now, to enable secure remote work to take place. By using a VPN, an employee who is working from home can securely access resources that exist on the business’ private network. This helps to protect this data from snooping eyes.

How Well Does a VPN Protect Your Data?

Frankly, it depends, and it depends on a variety of factors.

The first factor is how you are defining the word “protect.” There are a lot of different ways that your business’ computing in general needs to be protected. A VPN’s purpose is to prevent your history and Internet connection from being snooped upon. That’s basically it. You can still download spyware, malware, and/or viruses while you’re using a VPN, especially if you visit a malicious website or allow in infected files.

There is nothing particularly secure about a VPN in its concept. Rather, the security behind the VPN’s protocols is where the real difference is. Some protocols, like the heavily exploited point-to-point tunneling protocol, just aren’t secure enough nowadays. Others, like OpenVPN or WireGuard, are considerably more secure, due to the ciphers that are in place to protect them.

Turn to us for assistance with your Virtual Private Networking.

Jackson Thornton Technoligies can assist you with your VPN, assisting you in selecting a provider and implementing the solution that best fits your business’ needs. There is far more to consider than what we’ve covered here, so make sure to give us a call and talk to our team. Give us a call at 334-834-7660 today.