With the highly anticipated release of macOS Monterey now officially set for next week, many of you will be planning a system-wide update in the coming weeks to ensure your company's Macs are up to date and running on the latest macOS version.
We strongly recommend taking this key opportunity to also tighten up your network's security. This may include updating passwords and network settings, checking your software is still compatible, and - most importantly - strengthening your VPN connection.
In this post, we're sharing five straightforward yet highly effective ways you can improve your company VPN's security, ready for the release of macOS Monterey...
5 Ways to Make Your Company VPN More Secure
Your VPN is the backdoor into your internal network. If there are any holes in your security - however small, you could be risking serious security breaches for your company. For this reason, it's important you carry out all the necessary steps to make sure your VPN is as secure as possible.
1. Select the highest encryption settings for your device
To begin with, you should start by reviewing your VPN’s encryption settings. Check whether you are using the highest encryption algorithms supported by your VPN gateway. Today, AES (Advanced Encryption Standard) is the strongest available encryption algorithm and is even used by governments and military organizations as it as widely considered impossible to crack. For AES, encryption is available up to 256 bits - the so-called "gold standard" of encryption.
Here are some more encryption best practices to consider for your connection:
- Avoid MD5 as a Hash Algorithm
- Enable Perfect Forward Secrecy in Phase 2 (if supported by your gateway)
- Use a higher Diffie Hellman Group
2. Regularly review users
Particularly for larger teams, it's easy to lose track of how many users you have configured for your VPN connection(s). However, having users associated with your connection who no longer are authorised to have access (i.e. former employees or personnel who are now in a different department) can be a serious security risk for your company.
Make a habit of regularly checking your firewall or VPN gateway device to ensure any ex-employees have been removed and that your user groups only consist of team members who are currently part of your organisation.
Tip: With VPN Tracker 365 Team Management tools, you can access a useful overview of all your team members and when a team member leaves, you can remotely revoke their access to connections via Remote Connection Wipe.
3. Frequently update your Pre-Shared Key
Many VPN connections rely on a Pre-Shared Key (PSK) as an authentication measure, meaning it plays a hugely important role in securing your VPN. Just like any important password, you need to ensure you regularly update your PSK to avoid the risk of it falling into the wrong hands.
Generally, the longer your PSK ist, the harder it is to crack - making it much more secure. Many services recommend at least 32 characters. To make things easier, you can use tools like this one to automatically regenerate a new key when it's time to update.
In addition, for optimal security, you should also avoid sharing the PSK with users via chat, intranet or similar.
Tip: VPN Tracker 365 TeamCloud not only enables you to remotely update and sync your connection's Pre-Shared Key for all users, it also allows you to hide the connection's configuration details so that only you have access. This way, you will never have to share the PSK with employees and they can continue working productively. Learn more.
4. Use Two-Factor-Authentication
Two-Factor-Authentication (2FA) has become a popular choice for many admins in recent years. In addition to preventing phishing or social engineering attacks, 2FA adds an extra layer of security to your VPN, giving you peace of mind that unauthorised users aren't able to gain access.
Some popular 2FA methods include X.509 certificates, OTP authenticator apps like Google Authenticator, Duo etc., and PKI tokens - all of which are supported by VPN Tracker 365. Some VPN gateways also offer hardware-specific, one-time tokens, such as Fortinet's FortiToken.
5. Apply Zero-Trust principles
With a Zero-Trust network policy in place, users need to go through a strict authentication process to access company resources. This is intended as a solution to stop security breaches and ensure access is kept secure at all times.
In addition, users are only given least privilege access, meaning they only have access to the resources they really need. Consider whether you really need to share a VPN connection with all your team members, perhaps some connections are only needed by admins or specific departments. By minimising the number of co-workers who have access to the VPN, you also reduce the risk of security breaches.
Security tip: The Groups feature in VPN Tracker 365 TeamCloud allows you to pre-determine groups of users and grant them access to specific VPN connections. This way, you can avoid giving all users access to all of your company connections and instead only provide them with the resources they need to perform their tasks.
Choosing a reliable VPN client
There are many VPN clients out there but only a small handful can offer your business the security and peace of mind you need for your important connections. Putting your trust in an unmaintained VPN client can not only hinder your productivity but also put your network at risk from external attacks.
For example, if your VPN client software does not receive regular updates and maintenance, it's highly unlikely that it's up to date with the latest security standards required to keep your network secure. Furthermore, without a genuine customer support team, any problems you may face will likely go unresolved, leaving you to pick up the pieces and forcing you to find an alternative solution.
For Mac users, VPN Tracker 365 is the number one choice and possess all the key qualities admins look for in a VPN client:
- Regular updates and compatibility with the latest macOS versions, including Monterey (see our version history)
- Support for all major VPN protocols (IPSec, OpenVPN, L2TP, SSTP, Cisco AnyConnect, and more...), plus TeamCloud security features
- Excellent customer support and one-on-one troubleshooting with our development team
Find out more about VPN Tracker 365 and available licensing options for your team here.
Trust the #1 VPN client for macOS:
VPN Tracker 365 securely connects thousands of Macs worldwide with VPNs every day. VPN Tracker was developed from the ground up in our head office in Munich. You can trust in our long experience working with advanced VPN technology.
From OS X 10.11 including macOS 12 Monterey