Students of Lee University, a private Christian college in Ohio, recently received a notice that unauthorized VPN use on campus will be prohibited. The reasons for the ban don’t necessarily make sense, and students with tech or security backgrounds have been vocal in their opposition or negative opinion of the VPN ban.
The ban seems to sit on some fundamental misunderstandings about what a VPN does and why it is necessary for keeping students (and staff) safe online.
Lee University’s Misguided Opinion
Chris Golden, Lee University’s Director of IT Operations, described VPNs as such:
“If you wanted to smuggle something from Mexico to the United States and didn’t want border patrol to see what you had, you would build a tunnel and smuggle everything through that tunnel so that border patrol never sees what you are moving. That same thing happens with VPNs.”Chris Golden, Lee University’s Director of IT Operations
Technically, Golden is right. VPNs do allow users to “smuggle” traffic. The problem with his perspective is that he seems to be under the impression that the only reason one might use a VPN is to smuggle something illegal. It’s also helpful to smuggle your passwords, banking information, and credit card number in a tunnel beneath identity thieves, as allowing them to access that information could be potentially devastating.
Data thieves know that colleges are filled with people using the internet to make tuition and student loan payments and shop for school or dorm supplies. A lot of sensitive information is passing through a college network, and that is precisely why many students want to keep themselves safe.
Golden has stated that this smuggling of traffic could make the campus more vulnerable to ransomware or other attacks by allowing students to bypass blocks or restrictions he claims are there to make the network safe.
How VPNs and Ransomware Correlate
Golden does raise some legitimate points about the need to keep the shared network safe. He fears that VPNs will allow students and staff to bypass blocks on campus that he put in place to prevent people from downloading malware or ransomware. If activity is hidden by a VPN, he cannot observe the activity of users and determine if they’re violating security protocol or discovering new threats that need to be blocked.
Those blocks on a massive shared network can be helpful, as one person’s misdeeds could have consequences for everyone. Golden preaches good practices on campus, encouraging students and faculty to scrutinize everything they click on or download. Those who are not tech savvy or are otherwise entirely unfamiliar with the current climate of cybersecurity threats could easily unknowingly download ransomware or other malware.
What Golden does not seem to understand is that banning VPN use is not the best solution to the problem. While it might be easier in the long run to eliminate people’s options and micromanage them, education is by far the best solution. With so much of our day to day lives revolving around the internet, everyone needs adequate information to protect themselves online.
A Better Solution
It is possible to inadvertently install malware or ransomware with or without a VPN. The VPN is not a common denominator in the situation. Sometimes, VPNs like TorGuard can reduce the potential for the installation of malware or ransomware by detecting threats and blocking malicious ads. This ultimately exposes users to fewer threats, reducing the potential for human error. Universities everywhere would benefit from creating cybersecurity education programs designed to keep students safe online. Chances are, their future jobs will all require some kind of interaction with the internet. Informing them of best practices and properly educating them on threat protection is a sustainable long term solution that everyone needs.