The Business Owner’s Guide to Avoiding Risky VPNs


Many businesses had already started shifting to the work-from-home model before COVID-19 hit. And now that the pandemic is here to stay a while, remote work has only become more popular – to the point where major companies don’t plan on returning to the office any time soon.

But while remote work is safe and convenient for your employees, it’s not exactly the same for your company data. We saw a huge spike in cyber attacks during the COVID-19 pandemic, which is hardly surprising. Since almost everyone is working from home, they’re exposed to phishing and MITM attacks.

Unfortunately, if you don’t make an effort to encrypt your employees’ connections to your company servers, all your data will be at risk.

A VPN is the best tool for the job, but how do you know you’re picking the right one? Not all VPNs can offer secure connections, and some of the ones you come across might even be fake VPNs.

To help you avoid those kinds of scams, we put together this list of five red flags to watch out for when reviewing VPN services:

1. Logs

VPN logs are records about user activity. Basically, they store information about how you use the VPN – what sites you visit, what files you download or upload, how long you stay connected to a VPN server, etc.

Usage logs are the riskiest ones since they store data about your web traffic. But connection logs aren’t any better, since they can log your IP address.

If you don’t think that’s a big deal, consider this – what if the VPN server gets hacked or seized by government authorities? Your customers’ data will be at the mercy of cybercriminals or foreign governments.

Or what if hackers get their hands on your IP addresses, and use them to target your network with DDoS attacks? Your company will be forced offline, and you’ll suffer downtime that only damages your profits.

So what’s the solution then?

It’s pretty obvious – only use a VPN that doesn’t keep any logs. If you need help finding one, just use this guide from ProPrivacy. It’s a list of the best no-log VPNs on the market.

2. Weak Security

If the VPN only lets you use PPTP or Blowfish encryption, look somewhere else. Blowfish hasn’t been secure for a long while, and PPTP encryption can be cracked.

The only right encryption standard for businesses is AES (both AES-128 and AES-256 are equally secure). As for VPN protocols, OpenVPN is the standard. It’s basically the strongest VPN protocol right now. Some decent alternatives include:

  • WireGuard
  • SoftEther
  • IKEv2
  • SSTP

L2TP/IPSec or IPSec connections are pretty safe too, but we would still recommend using OpenVPN, IKEv2, or WireGuard instead.
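
One way to check this red flag on an OpenVPN client profile a provider hands you, as an added example that is not part of the original guide: the script reads the profile's cipher directives, rejects Blowfish (`BF-*`), accepts AES, and marks anything else for review. The two sample profiles and the host `vpn.example.com` are constructed for illustration.

```python
# Added example: audit the cipher directives of an OpenVPN client profile.
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback"}
SEVERITY = {"ok": 0, "review": 1, "reject": 2}

# Constructed sample profiles; vpn.example.com is a placeholder host.
WEAK_PROFILE = """client
dev tun
proto udp
remote vpn.example.com 1194
; legacy setting left over from an old template
cipher BF-CBC
"""
STRONG_PROFILE = """client
dev tun
proto udp
remote vpn.example.com 1194
data-ciphers AES-256-GCM:AES-128-GCM
"""

def classify(cipher):
    """Apply the article's rule of thumb to one cipher name."""
    name = cipher.upper()
    if name.startswith("BF-"):    # Blowfish, e.g. BF-CBC
        return "reject"
    if name.startswith("AES-"):   # AES-128-* and AES-256-*
        return "ok"
    return "review"               # not covered by the article

def audit_profile(text):
    """Return (line_no, directive, cipher, verdict) for each configured cipher."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()
        if not parts or parts[0][0] in "#;":   # blank line or comment
            continue
        if parts[0] not in CIPHER_DIRECTIVES or len(parts) < 2:
            continue
        for cipher in parts[1].split(":"):     # list directives use ':' separators
            if cipher:
                findings.append((line_no, parts[0], cipher, classify(cipher)))
    if not findings:
        # No explicit cipher: the effective default depends on the OpenVPN version.
        findings.append((0, "(none)", "(unspecified)", "review"))
    return findings

def verdict(text):
    """Overall result for a profile: the worst verdict among its ciphers."""
    return max((f[3] for f in audit_profile(text)), key=SEVERITY.get)
```

Call `verdict()` on the text of each `.ovpn` file the provider distributes; a profile with no cipher directive comes back as `review` because the effective cipher then depends on the client and server versions.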

3. “Lifetime” Deals

Paying once and getting a lifetime subscription sounds amazing, but that’s almost always a scam. A commercial VPN just couldn’t possibly survive on that business model. At most, it’d last a few months before shutting down. Plus, they can always revoke that deal if they want to.

Take Blacklogic/VPNLand for example. According to one Reddit user, they paid $47.50 for a lifetime plan. But after two years, the provider revoked those subscriptions under the pretense that they were bought through third-party sites. They also argued that “A ‘lifetime’ account does not mean it will be valid till someone dies. It could be anyone’s lifespan – such as a cat, or lifespan of a hardware.”

So definitely avoid these kinds of deals.

4. Free VPNs

We need to clarify something here – we’re specifically referring to VPNs that operate on a completely free business model. We’re not talking about legit paid VPNs that offer a free plan with limited features.

With that out of the way, why are free VPNs risky?

Well, as much as you’d probably want to avoid dealing with extra $100+ expenses per year, a free VPN just isn’t safe. For one, it would offer poor security, and might even expose you to malware. Besides that, the service might log your data and sell it to advertisers – not to mention it might spam you with malicious ads.

Why’s that?

It’s simple – the VPN is free, so how would the provider be able to afford offering a quality service? You probably already run a business or plan on opening one in the future. So you know just how expensive that can be, and that there’s no way you could survive on the market if you didn’t charge anything for your services.

Running a commercial VPN is just as expensive as any other business. The provider has to deal with tons of costs – staff salaries, server fees, maintenance, taxes, marketing campaigns, etc. The list goes on and on.

So the bottom line – always stick with paid VPNs.

5. Exaggerated Claims

“Malware protection,” “fastest VPN in the world,” and “become invisible online” sound really good when you read them. And, for some of you, those terms might be enough to convince you that a VPN can keep your company’s data safe.

But here’s the thing – while those claims sound good, they’re not really trustworthy. Here’s why:

  • “Malware protection” – VPNs can’t stop malware infections or get rid of viruses. The best they can do is block connections to malicious domains. To protect your business from malware, you need antivirus software like ESET or Malwarebytes.
  • “Fastest VPN in the world” – VPN speeds are pretty unpredictable. They fluctuate a lot due to different factors (distance from the server, encryption, WiFi). There really isn’t one single VPN on the market that consistently offers the fastest speeds.
  • “Become invisible online” – There’s no way to be completely anonymous when you’re on the web. VPNs can offer better Internet privacy, sure, but they won’t make your business network invisible. If that’s what you want, you need to get an SDP (software-defined perimeter).

Reliable VPNs don’t need to grab your attention with exaggerated claims. They do it with their service instead. Here’s an example of marketing copy done right from NordVPN:

How Else Do You Avoid Sketchy VPNs?

What other things do you check when picking the right VPN for your business? Are there any specific red flags that make you lose trust in the service instantly?

Please let us know in the comments.