When VPN is a Vulnerability

Remote Access Software Might be a Better Fit Using a VPN makes sense for many businesses. It lets remote workers, vendors, and service providers have access…

iStock-802301330_darkRemote Access Software Might be a Better Fit

Using a VPN makes sense for many businesses. It lets remote workers, vendors, and service providers have access to the company’s private network from anywhere. Meanwhile, the business maintains some level of control over which applications, documents and resources can be accessed. 

In recent years, VPN usage has been declining. More applications are living in cloud-based infrastructure now, and it’s very complex to administer and safeguard a VPN.

So, what’s the right solution for you? Is a VPN good enough, or does your business need a more secure tool to protect sensitive data? This new checklist will help you decide.

Keep reading this blog post for a discussion of the top VPN vulnerabilities: remote work, IoT devices, and vendor management.

Remote Work

It’s never been harder to maintain a security perimeter. With remote employees and cloud sprawl to consider, most IT teams have moved past the idea of a centralized network where everything is safe. Instead, the goal is to detect unauthorized access quickly and limit horizontal movement in the network – keeping sensitive data protected.

There are countless endpoints that can be exploited these days. Employees who connect through open WiFi are targeted with malware, and even the most vigilant workers can be hit by sophisticated phishing schemes that seek VPN credentials.

“VPN hacks are often part of highly targeted cyber attacks.” ComputerWeekly

It’s safe to assume your network can be infiltrated (in fact, it may already have been). Some teams add security layers, VLANs, switches and subnets to keep the most important data in the most secure corners of the network.

That helps, but it might be easier to limit remote employees’ access to the specific resources or applications they need, using a more secure remote access tool.

Internet-Connected Machines 

IoT devices have become an important threat vector in 2019. While the manufacturing industry gets a lot of attention due to IoT proliferation, digital twins, remote equipment management (REM) etc, companies in every industry are being targeted. 

“SMBs have proven highly vulnerable because they commonly outsource PoS management to third-party solution providers, many of which fail to properly secure the remote access technologies they use to ‘help’ their customers.” Tech Target   

Think of all the internet-connected devices that can access your corporate network, either directly or through remote workers:

  • Security cameras
  • HVAC systems
  • PoS terminals
  • Thermostats
  • Printers
  • Lighting systems
  • Industrial machines
  • Kiosks
  • Digital signage
  • Smart speakers
  • Drink or snack machines
  • IoT-enabled appliances

With strong network segmentation, you can keep these systems isolated. But that’s complex to administer. 

Remote access software makes sense when connecting to devices that are kept off the main network, or machines that only need infrequent access. 

Vendors and Service Providers

If your business relies on vendors, you face a unique set of risks.

Third parties have become a prime target for cyberattacks. Target found out the hard way in 2013 when it was hacked through an HVAC vendor that had VPN access – one of the most impactful and financially disastrous data breaches ever. The situation has not improved since then.

“MSPs have almost unparalleled access to their clients’ networks, especially in small business. Clients are often completely reliant on the MSP to manage and troubleshoot systems.” US-CERT

Of course, knowing that vendors are prime targets for hackers to infiltrate your network, it makes sense to harden access for third parties.

But that approach comes with a lot of headaches. Vendors change users and roles all the time, which is a nightmare to manage via Active Directory – especially when there are multiple vendors. Too often, client companies just give them extra control so they can manage their own access.


That isn’t a sustainable fix, especially because vendors are often given too much access to the corporate VPN. Usually, a third party only needs to access a specific set of applications, files, devices, servers, or drives.

With a VPN, that’s complicated to set up and manage.

With remote access software, it’s simple.

Simple is good. It’s no secret that IT teams don’t have enough skilled employees to keep up with the threats they face. If you can’t staff up, use better tech. 

While a VPN has open ports that can be scanned for weaknesses, Netop Remote Control uses outbound-only connections that keep ports invisible. More importantly, you can set granular controls for KVM and file transfer, including MAC / IP filters, application whitelisting, and time of day / location access rules.

Overall, a secure remote access tool like Netop is a lot easier to manage than a VPN, while making access control safer at the same time.

Auditing with Remote Access 

Most VPNs don’t have any built-in tools for auditing or session logging. This is another area where remote access software helps. 

Some businesses need an audit trail for regulatory compliance. But there are benefits at a higher level too: those features are critical for troubleshooting, intrusion detection, and forensic analysis when responding to incidents. 

Netop Remote Control includes unalterable audit logging and video session recording, giving IT teams a far more robust feature set than VPN offers. 

More Resources

You can download the VPN vs Remote Access Software checklist here, or join Netop for a free webinar on March 26 to discuss the checklist in more detail. 

Become a subscriber today!

Subscribe to our blog today to receive all of the latest updates.

This field is for validation purposes and should be left unchanged.