As your business grows, your employees will need flexibility in where they access the office servers from. Being able to connect from home or in the field makes them more productive and can save crucial time in an emergency. At the same time, you have to beware of network security risks. You can't let just anyone connect to your network. Fortunately, there's a way to have it both ways: an office VPN, or virtual private network. It lets authorized users connect securely over the Internet from wherever they are. Everything they do is encrypted along the way, so no one can spy on their work.
There are several ways to set up an office VPN, but the simplest is to use a VPN-enabled router. Your office must already have a router for outgoing Internet access; check if it has VPN support. If not, you'll need to upgrade it.
Employees will want to connect with their Wi-Fi devices, so your router should have Wi-Fi capability as well as VPN software.
You'll need a static IP address so that remote users can connect to your network. Check if you already have one (probably not if you didn't have incoming connections before). Find out from your Internet service provider how to get one. There are workarounds with a dynamic IP address, but they don't work well. The cost of a static address is money well spent.
Your employees will need office VPN accounts and client software. Usually the software is a free download from the router manufacturer. Make sure client software is available for all the devices that will need to connect.
If your company hosts its own website, it shouldn't be inside the VPN, or you'll cut off almost the whole world from it. Most businesses use hosting services for their websites, so this won't normally be a problem. Just make sure the VPN and the website are on different subdomains, e.g., www.example.com and vpn.example.com.
Having your own office VPN is different from using a VPN service. The latter means using someone else's VPN, usually to protect client-side privacy. We're talking here about setting up your own virtual private network, so that only the people you authorize can get into it. That means you can't use a preconfigured router, and you don't need to subscribe to someone else's VPN service.
1. Set up your domain with a static IP address. This may require an Internet service upgrade. Put the VPN on a subdomain of your business's domain, e.g., vpn.ourbusinesssite.com.
2. Set up the router. If you're replacing your old router, first make sure that outgoing traffic still works properly. Handling one problem at a time is enough. Make sure to change the administrative password from the default.
3. Configure Wi-Fi securely. The router should allow Wi-Fi connections only with the WPA2 protocol. Even when using a VPN, you should take advantage of every layer of security that's available. Set up a distinctive SSID and a strong password. Use a safe medium for getting the password to the employees; don't use email. Paper is still good.
4. Configure the office VPN. Now you can get to the VPN itself, using the router's administrative interface. Each router will have different details, but in most cases it will let you run a wizard that takes you through the job a step at a time. Allow access only to the services which the users will need; for example, it's generally a bad idea to allow direct database access from outside.
5. Create and test one account. Before putting everyone on the VPN, go through all the following steps with a test account to make sure everything is working. It's better to work out the problems first than make everyone a guinea pig.
6. Create user accounts. Set up accounts and passwords for the initial round of users. Add them using the router's administrative interface. Again, avoid insecure ways of distributing passwords.
7. Distribute client software to the users. With some routers, this step isn't necessary. Some have built-in support for commonly used protocols. In other cases, the users will need to obtain client software. Normally this is a free download from the router manufacturer.
8. Verify that everything works. There are bound to be some surprises when setting up a new VPN. Make sure that people are using the office VPN properly and aren't running into problems. Most of the issues will be with not setting up the connection properly or being confused about how to log in.
While it's not overwhelmingly complicated, setting up an office VPN can be intimidating for people without a lot of IT experience. We can set up and support your VPN for you, as well as providing other services to let your network run smoothly and securely. Get in touch with us today to learn how we can make your computer systems more productive.