VPN for business security (not necessarily privacy)

Hi, I am self-employed and am currently trying to improve my data security and resilience against hacks, ransomware etc. by using very long passwords, MFA, encrypted cloud storage, offline backup, encrypted email and so on. I am also considering starting to use ProtonVPN to encrypt my internet connection, especially when connected to public Wi-Fi.

However, is a VPN even necessary for such a purpose? I do care about privacy, however my main concern here is security, meaning that no one should be able to decrypt my passwords, transferred data or start a MITM attack. However, SSL should do a pretty good job for it already? Is using a VPN in my case overkill?

Edit: specifying that I am self-employed

Well, it probably depends on your threat model, and what you’re trying to accomplish based on your investment. Many of us here believe in privacy and security enough to invest our time and even fight a little against the annoyances that are put in front of you when using a VPN. It’s worth it in my opinion; whether it’s worth it for you is a question probably only your experience will answer.

Better safe than sorry.

I use the Proton suite for business, including the VPN. Works like a charm and I barely notice it anymore.

> SSL should do a pretty good job for it already?

The problem isn’t if the encryption works (it does), but if it is available in the first place. I unfortunately still regularly visit websites that don’t support encryption, and there are also a lot of programs that use unencrypted connections which aren’t HTTP(S).

Examples of usually unencrypted connections:

  • NTP (Network Time).

Fixed by using an NTP client and server(s) with NTS support* - Currently no support in Windows.

  • DNS (Domain Name System).

Fixed by using DoH, DoT, etc. - Limited support in Windows 11** via “modern” Settings app, full support possible via local DNS server using dnscrypt-proxy program.

  • A bunch of programs like Origin, and God knows what else.

Programs should cryptographically verify unencrypted traffic (as Linux package managers do), but you unfortunately can’t rely on that. Regardless, it also always exposes your activities and may be used as the entry point for an exploit chain.

*Pro Tip: The German “Physikalisch-Technische Bundesanstalt”, which disseminates the legal time in Germany, has NTP servers with NTS support.

**Only supports a few preconfigured providers, option to use encryption becomes available when, for example, entering 1.1.1.1 as an IP. Adding other providers is possible using netsh dns add encryption ..., check online for more and up-to-date info on this.

I usually don’t use a VPN on my home network, but when on public or untrusted networks (hotel, airport, etc.) I’d always use a VPN; there are just too many applications that still use unencrypted connections, or may be prone to downgrade attacks.
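
To make the DNS item above concrete, here is an added example (not part of the thread or written by any poster) showing what a classic DNS lookup on UDP port 53 exposes to anyone on the same network, next to a DNS-over-TLS flow that cannot be parsed. The function names and the sample capture are hypothetical and constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1A2B):
    """Build a minimal RFC 1035 query packet (used only to construct sample input)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(packet):
    """Recover (hostname, qtype) from a plaintext DNS query payload."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label length")  # also rejects compression pointers
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return ".".join(labels), qtype

def leaked_lookups(flows):
    """List hostnames readable from captured flows given as (proto, dport, payload)."""
    leaked = []
    for proto, dport, payload in flows:
        if (proto, dport) != ("udp", 53):
            continue  # e.g. DoT on tcp/853: payload is TLS ciphertext, nothing to parse
        try:
            leaked.append(parse_question(payload)[0])
        except ValueError:
            pass  # malformed or non-DNS traffic on port 53
    return leaked

SAMPLE_FLOWS = [  # constructed capture, not real traffic
    ("udp", 53, build_query("mail.example.com")),
    ("tcp", 853, b"\x17\x03\x03\x00\x20" + bytes(32)),  # TLS record, placeholder ciphertext
    ("udp", 53, build_query("bank.example.net", qtype=28)),
]

if __name__ == "__main__":
    print("hostnames visible on the local network:", leaked_lookups(SAMPLE_FLOWS))
```

Run against the constructed capture, only the two port-53 lookups yield hostnames; the encrypted flow contributes nothing an observer can read.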

Thanks for the detailed explanation! I appreciate it.