Tech Tips: Secure network connections

Leaky data can be dangerous for most people, but leaks can be devastating for financial services professionals, who may be accessing sensitive information on websites or via email while on the road.

Even snooping on seemingly innocuous information could help criminals build up an attack on you or your clients.

How might you enable two computers to talk to each other safely in an insecure environment? A virtual private network (VPN) can help to protect you.

VPNs rely on encryption. The party at each end of a VPN connection uses a code both to encrypt anything being sent to the other end and to decrypt any communications that are received. Any snoopers intercepting the data signal won’t be able to understand the encoded messages.

VPNs are used in two scenarios: site-to-site communications and remote access.

In the first scenario, a VPN stays switched on permanently, connecting two physical offices.

An insurance company with offices in Toronto and Vancouver, for example, might want to treat all computers in those sites as though they were talking to each other in the same office. That way, a computer in Toronto can access a folder on the network in Vancouver that contains client information.

This data is too sensitive to pass along using the public Internet, lest someone intercept the information en route. Instead, a VPN in each office encodes all communications between the two sites.

A remote access VPN works along similar lines, but enables a travelling computer (typically, a laptop or another mobile device) to talk to computers permanently stationed in an office from wherever that device is – even in our dangerous coffee shop, with a wireless snooper at the next table.

The remote user may want to access resources on the office network, such as folders on the office’s shared hard drive, email servers (for checking messages) or platforms such as intranets that are available only to computers on the office network.

A VPN permits the user to access all of these resources.

– Site-to-site options

There are various kinds of VPN, each suited to a different scenario. The most common – and easiest to dismiss – is point-to-point tunnelling protocol (PPTP). This feature, baked into the Windows operating system since 1995, is easy to set up on remote machines, but also is the least secure. Relying on PPTP is inadvisable these days, and although many operating systems, including Windows, still offer PPTP, its successor, Layer 2 tunnelling protocol (L2TP), also is offered.

L2TP connects two networks in different places that then appear as one network. However, L2TP doesn’t encrypt any communication between the two local networks. The encryption is provided by another technology called IPSec in conjunction with L2TP.

IPsec can be more difficult to install and configure, meaning that the two technologies are more useful for permanent site-to-site communications, but less so for remote access. Financial advisors hoping to use the L2TP/IPsec combo to access their office remotely from a travelling laptop must install and configure their own laptop software while also grappling with the IPsec software at the office. This requires some technical expertise.

A viable alternative for site-to-site communication is OpenVPN. However, this open-source technology, like IPsec, typically isn’t included in computer or mobile operating systems, so you’d have to install a third-party application on your travelling computer to take advantage of OpenVPN.

– Remote access

The above options may be more useful for IT experts within financial services companies that need to connect different offices. But what about the roaming advisor who simply wants to access resources back at the office while at a client meeting, say, or even while at the lake?

You would have two options. The first is known as an SSL VPN, so-called because of the communication protocol used. This option has one significant advantage over the site-to-site alternatives: depending on what data you want to access, an SSL VPN often can run within your browser, eliminating the need for you to install software on your mobile computer.

SSL VPNs can access an SSL VPN portal at the office, which effectively is a web page that you, as a remote user, log into. From there, you can access browser-based applications such as collaboration or sales apps, for example. A portal can be accessed using nothing more than a web browser, which means you can use SSL,VPN from any remote computer, including mobile devices such as smartphones.

SSL VPN portals are fine if you want to access only applications that run in a browser. But what if you want to access other office resources, such as files shared on the company’s network? For this, you could use SSL tunnelling, which creates a traditional VPN using software installed on your computer. In some cases, the software that your computer uses to set up a tunnel also can be installed directly into your browser as a plug-in.

Of all VPN software, SSL is the simplest for non-tech-savvy advisors to manage while on the road, although you still will need someone to set up the other end of the SSL VPN at the office.

The second option for travelling advisors is remote desktop access software. It follows the same basic principle as a VPN in encoding communication between your computer and the office, but with a key difference: there isn’t a dedicated computer or hardware appliance running a VPN at the office.

Instead, there’s just your desktop computer, which you leave up and running.

Products such as LogMeIn, GoToMyPC and RemotePC will allow you to log into your office PC or Mac computer remotely and control it from a remote machine as though you were at the same keyboard. You even can access your desktop environment from a smartphone or tablet PC, if required, and print files on the office printer while out of the office.

Remote access VPNs and remote PC control are good options for advisors on the move, but with one caveat: while these technologies can prevent people from snooping on your connections, the computers at either end aren’t protected. If someone gains access to your remote computer and your VPN password, that hacker can pretend to be you and access all of the data in the office that you’re trying to protect.

© 2017 Investment Executive. All rights reserved.