A little while ago, a friend of mine asked my opinion on VPN services for his home office. My first response was to ask why he needed a VPN. In general, a VPN is only really a serious requirement on public wifi and is not as necessary on a home network. His reply was that he wanted to ensure the encryption and privacy of the confidential information on his computer, as he had recently started a business and his computers were online 24/7. It is absolutely admirable that he is thinking about privacy, but this is where a lot of VPN marketing and hearsay goes wrong. Many places bill a VPN as the be-all and end-all of privacy, when there are basics you should have in place first.
The absolute first thing to have in place is a decent anti-virus. It is important to do your homework here too and select a product that works for you. Most anti-virus tools work on a yearly subscription, and as such there is great competition among providers to get the right mix of speed, efficacy, and security. Which product is best can change from year to year, so it’s good to stop and review now and then. PCMag and TechRadar do great yearly roundups of all the tools out there.
Paid or Free?
It’s generally said that if it’s free, you are the product. Many free anti-virus tools exclude certain valuable scans or are supported by advertising. I would always recommend going for a paid solution. It is a yearly cost that is worth the expense to protect your devices. Nowadays, most solutions allow you to protect a number of computers in a household under a single payment and license, which is a real bonus. I personally use WebRoot SecureAnywhere Plus.
Pro-tip: Purchase your anti-virus via one of the online magazine reviews: they often have major discounts on the yearly subscription!
Another important (and often overlooked) issue is that of updates. Disabling updates on Windows (or on any other system, for that matter) can be dangerous, because security fixes and patches are there to secure your computer. Sometimes a vulnerability will be discovered in an operating system and hackers will take advantage of it immediately (called a zero-day attack). Without updates, you stay vulnerable after the fact. As irritating as updates can be, they are a necessary protection.
A Good Password
A good password should be a minimum of 12 characters long. Short or predictable passwords are really a bad idea. In the past, and still on many websites, the recommendation was to use tons of letters, numbers, special characters and so forth to ensure your password is good. While this is a decent practice, it’s really difficult to remember these kinds of passwords. What is being used more and more frequently is a passphrase. This is where you use a longer phrase as a password – something that is easy for a human to remember, and also surprisingly difficult for a computer to guess.
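To put numbers on the passphrase claim above, here is an added example (not from the original post) that generates a random passphrase and compares its guessing difficulty, in bits of entropy, with a random 12-character password. The wordlist is a small constructed sample, and the 7,776-word list size and 94-character set are assumptions chosen for the comparison.

```python
import math
import secrets

# Constructed sample wordlist (assumption, for illustration only). It is far too
# small for real use; a published diceware-style list has 7,776 words.
SAMPLE_WORDS = [
    "anchor", "bottle", "cactus", "dragon", "ember", "falcon", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "marble", "nectar", "orchid", "pepper",
]
DICEWARE_SIZE = 7776   # words in a standard diceware list (6^5)
PRINTABLE_SIZE = 94    # printable ASCII characters, excluding space
MIN_LENGTH = 12        # minimum length recommended in the text above


def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is uniformly random from the pool."""
    return picks * math.log2(pool_size)


def picks_needed(pool_size, target_bits):
    """Smallest number of random picks that reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate_passphrase(words, count=6, sep="-"):
    """Build a passphrase with the OS CSPRNG; never use random.choice here."""
    if len(set(words)) != len(words):
        raise ValueError("wordlist contains duplicates")
    phrase = sep.join(secrets.choice(words) for _ in range(count))
    if len(phrase) < MIN_LENGTH:
        raise ValueError("passphrase shorter than the 12-character minimum")
    return phrase


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    print("12 random printable chars: %.1f bits" % entropy_bits(PRINTABLE_SIZE, 12))
    for n in (4, 5, 6, 7):
        print("%d diceware words: %.1f bits" % (n, entropy_bits(DICEWARE_SIZE, n)))
    print("words to match 12 random chars:",
          picks_needed(DICEWARE_SIZE, entropy_bits(PRINTABLE_SIZE, 12)))
```

These figures only hold when the words are picked at random; a phrase a person chooses, such as a quote or a song lyric, is far easier to guess than the arithmetic suggests.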
Another good practice password-wise is to have different passwords for every service you use. This is particularly true for your email password – NOTHING should have the same password as your email. On the surface, this is a major mission given how many services we use online. However, there are great tools out there to manage having multiple passwords. I use something called 1Password, though there are other equally good products out there like LastPass or Dashlane.
A VPN, while encrypting the data that you send to and from your computer, will not encrypt the data ON your computer. For this, you need to enable encryption on your hard drive. This also adds protection should someone remove your hard drive from your computer. You could have the best password in the world, but if your hard drive is not encrypted, anyone can remove it from your computer and copy off whatever they like.
On a Mac, you can enable encryption via FileVault. You can find instructions on how to do this over at Apple. Windows gets a little more tricky, as encryption is by default only available on Windows Professional editions, and it has two different approaches depending on your device. Microsoft has a guide to enabling Device Encryption or BitLocker over on their support site.
If you are running Windows 10 Home edition, encryption is often not supported. You can, however, use a third-party tool like VeraCrypt to encrypt your drive. VeraCrypt is a bit more complicated to set up, but there are pretty comprehensive instructions for you to follow over at their documentation site.
Last, but certainly not least, is to have your firewall enabled. A firewall blocks any incoming network traffic to your computer or network. Think of it like a fence around your property. You want to ensure that on your router – the device that connects you to the web – the firewall is enabled and working. This protects your local network. Similarly, your computer also has a firewall. You need to have this enabled too (it is enabled by default), particularly if you use hotspots or a 3G / LTE modem.
For my friend, and probably for you too, a VPN service in your home is likely unnecessary. Yes, it can add privacy to your browsing in that your service provider won’t be able to see where or what you are browsing; however, it will not secure your home network if you do not have the above in place. You can have a super-secure VPN connection, but any malware on your computer would completely bypass it. Having the above in place, though, will put you in a much better position security-wise before you start looking into additional privacy bolt-ons.