Who is this for?

This article is for solopreneurs and small business owners with 10 (or fewer) employees or contractors who primarily sell digital products online. Many of the business owners we work with have customers, employees, and vendors who are located in different worldwide locations.

What is a VPN?

A VPN, or Virtual Private Network, is essentially a secure tunnel between your device (like a phone or laptop) and the internet. VPN providers claim to use encryption to scramble your data and add a layer of privacy between your online activities and would-be snoops.

Their sales pitch is that, when using the internet without a VPN, your data travels openly and unsecured across the web. This means that anyone with the right tools and motivation can intercept and see your company activity and data.

So the next time you're sitting in a Starbucks, the person sitting at the table next to you drinking a double macchiato might actually be looking at your emails and checking out your bank routing number. Or, at least, that's what VPN providers would have you believe...

Does Your Business Need a VPN?

Our take? For the average solopreneur or small business owner, VPNs aren't worth the time to set up or the cost to maintain.

Most modern websites already use something called TLS (or Transport Layer Security), which is a form of encryption. When accessing websites, like your bank account, TLS adds point-to-point encryption between your device and that site. This means that even if you're working at at a public location, like Starbucks, your data is not out in the open for anyone to see. Websites using TLS are indicated by having "HTTPS" in the URL or a padlock icon.

Even if a hacker gained access to the Starbucks network while you have multiple tabs open (for example, Gmail, PayPal, and Shopify) all they would see is that you are connected to those websites, not what you are doing on them.

If you use a VPN, a would-be attacker won't see what website you're using. They will only see one connection: your device to that VPN. It technically adds a second layer of privacy on top of TLS, but in many cases that extra layer is redundant.

In general, if you and your employees usually do your work from devices connected to your own personal Wi-Fi or a private network, then a VPN shouldn't be necessary.

When Should You Use a VPN?

A VPN can, in theory, add privacy and a layer of protection when using public Wi-Fi (like in airports or cafés). This should make it harder for potential attackers to access your data.

There are two instances where it might make sense to use a VPN:

1. If you or your employees frequently use public Wi-Fi

If you (or your employees) use public Wi-Fi a lot, a VPN may be worth the time and effort to set up and maintain. Why? There are a lot of variables, but the main culprit are old, unsecured routers.

Because many businesses offering free public Wi-Fi typically don't update or protect their routers, hackers find them easier to break into than going after a single individual. Once they have access to an unsecured router, they gain access to the whole network. They can redirect people using that network wherever they want. This includes to websites that may look like your bank. If a router is compromised and you're using a browser on that Wi-Fi, you may not catch the switch, even if you're checking URLs for TLS.

This is where a VPN comes into play. In this scenario, a VPN is far more likely than a standard browser to notice that something is wrong and initiate an alert to shut off the connection.

How likely is this? We are seeing an upswing in the number of old or poorly maintained public routers being targeted. That being said, it is a little like swimming in the ocean. The chances of being bitten by a shark while in the ocean is not zero, but it isn't high. However, the more often you swim next to sharks the more likely you are to be bitten.

2. If you or your employees frequently visit non-TLS enabled websites

If you (or your employees) are visiting websites that do not use TLS on a regular basis, it may make sense to use a VPN.

When might this happen? If you have a vendor or service provider who is using an outdated website. So if you have a vendor whose website you go to a lot and their URL says "HTTP" and not "HTTPS" then you know they are not using TLS. If you have no other choice but to go to that website, then it may make sense to use a VPN. We would also recommend telling your vendor to update their website.

Which VPN Provider to Trust

If you've determined that you or your employees meet one of the caveats above and would benefit from a VPN, how do you choose the right one?

Unfortunately, the hardest part about picking a VPN provider is finding one that you can trust. The VPN industry, as a whole, is filled with morally questionable or downright unethical players.

For example, while a VPN might help prevent an attacker from seeing what sites you are visiting, it won't stop the VPN provider themselves from accessing your data. And many do...

More than a few VPN providers have not only failed to secure customer data properly (losing it to attackers anyway), many have been caught collecting and selling user data to the highest bidder. This means that, in some cases, using a VPN can actually make your business less secure than not using one at all.

What to look for

So the VPN provider you choose matters. A trustworthy VPN should, at minimum, have the following characteristics:

Privacy and No-Logging Policy: A strict "no-logs" policy to ensure no tracking or storage of your online activity or personal data.

Security Protocols: Look for providers that use strong encryption (example, AES-256) and security protocols to protect your data.

Speed and Performance: VPNs can slow down connections, so it can make sense to prioritize providers that offer faster speeds.

Server Locations: A VPN with a wide range of server locations can improve performance and help bypass geo-restrictions.

Transparency and Trust: Opt for VPNs backed or owned by a reputable company, with independent audits or reviews to verify their claims are true.

Ease of Use: The VPN should be easy to set up and configure, especially for non-technical users.

Device Support: Ensure the VPN supports all your and your employee's devices (phones, laptops, tablets) and allows multiple simultaneous connections.

Customer Support: Reliable customer service is key if you run into issues.

Trustworthy VPNs

Fortunately, if you meet the caveats and feel like you or your employees need a VPN, there are reputable options available.

Consumer Reports and The Wirecutter have done a great roundup of trustworthy VPNs that we would feel safe using or recommending (they have their own deeper writeups if you click the links).

Some standout VPN providers we trust (as of this writing) are:

• ExpressVPN

• IVPN

• Mullvad

• NordVPN

• Proton VPN

• Surfshark

• TunnelBear

Summary & Next Steps

In most instances, the cost of time and effort involved in setting up and maintaining a VPN makes them an unattractive option for small business owners who care about security. Add to this the fact that the VPN industry is full of shady players with questionable business practices. With few exceptions, you are better off not relying on a VPN. However, if you or your employees often use public networks and/or frequent non-TLS websites, a VPN may be worth the cost, if you pick a reputable provider.

What Else Can You Do to Protect Your Business?

While VPNs might not be the best investment for your small business, there are other things you can do today to protect yourself from cyber criminals. That's why we created Small Business Owner security Survival Guides. They are simple, easy-to-follow instructions that show you how to:

• Prevent cyber attacks before they happen and

• Quickly recover if you do get hacked

No jargon and no technical expertise required. Simple business security that works. Click here to get yours.

Is your business under attack? Get the FREE guide to find out.

Cyber attacks on small businesses happen every single day, and it can be hard to tell if your business is being targeted by cyber criminals.

If your business was under attack, would you know?

Get the FREE guide to learn the 7 signs your business is being hacked. Click here to get your copy.