Can my employer force me to use a specific VPN for remote work?

Yes. Through the company handbook or the remote-work policy, your employer can mandate a business VPN solution (NordLayer, Perimeter 81, Twingate, Tailscale Business, Cisco AnyConnect, Zscaler…) on the work-issued device. That obligation generally applies only to the corporate machine and to access to internal resources (intranet, ERP, file shares). On your personal device and your personal connection you remain free to use a consumer VPN such as NordVPN — and arguably you should, to compartmentalise your private life from the corporate tunnel that may log every request. Two clauses to verify in your remote-work charter: (1) the monitoring scope (does the corporate VPN see only traffic toward the company's information system, or every packet leaving the machine?) and (2) policy on personal VPN coexistence (some employers ban running a personal VPN simultaneously, which complicates personal/work separation).

Is a consumer VPN (NordVPN, Surfshark) enough for remote work?

For most salaried remote workers, a consumer VPN covers personal use cases — encrypting the home connection, masking your IP from third-party services, accessing geo-restricted tools (foreign documentation, academic search, region-locked SaaS pricing). It does not replace the business VPN required to access internal apps; those go through the B2B VPN provided by the IT department. For freelancers and independent contractors, a serious audited consumer VPN (NordVPN, ProtonVPN, Mullvad) usually suffices: pick a provider with published audits, a transparent protocol (WireGuard or OpenVPN), and an always-on system-level kill switch. Avoid free VPNs — their economic model almost always involves reselling browsing data, which is the precise opposite of the goal.

What concrete risks do I face working from a café or coworking space without VPN?

Three documented and concrete risks. First, passive interception of HTTP traffic (and HTTPS metadata like SNI) by anyone on the same public WiFi; even in 2026, roughly 8% of popular websites serve partial HTTP content or redirect poorly to HTTPS. Second, the evil twin attack: an attacker stands up an access point named identically to the café WiFi ("Starbucks_Free"), your devices auto-connect, and the attacker sees the entire traffic in clear text by inserting a TLS root certificate of their choice. Third, local DNS phishing — a compromised router (a common scenario in poorly-maintained coworking spaces) redirects certain domains (bank, work email) to pixel-perfect copies under attacker control. The VPN kills all three vectors by encrypting the traffic end-to-end between your device and the VPN server, independent of the local network.

Does the VPN slow down my remote work (video conferencing, screen sharing)?

With a modern protocol (WireGuard) and a geographically close server, the overhead is typically 5–15% on download speed — undetectable for most business uses (Zoom/Teams/Meet, screen sharing, SaaS access). Overhead becomes noticeable only for large file transfers (>1 GB) or 4K streaming. Measured in our [VPN streaming study, 95 sessions](/en/blog/vpn-streaming-study-2026-95-sessions): on a 1 Gbps fibre line, NordVPN WireGuard drops to 850–920 Mbps download (8–15% overhead) — invisible for HD video calls (3–6 Mbps) and screen sharing (5–10 Mbps). To minimise impact: pick a server in your employer's country (or your country of residence), not a distant one — added latency would only be perceptible for real-time tools (video, gaming, trading).

Does the VPN also protect my work device from malware?

No. The VPN only encrypts network traffic between your machine and the VPN server — it does not protect against malware, malicious Office macros, phishing emails, booby-trapped downloads, or compromised browser extensions. Defence-in-depth for a remote worker combines: (1) VPN for the network tunnel, (2) up-to-date antivirus (Defender / Bitdefender / ESET), (3) password manager to prevent credential reuse, (4) hardware 2FA (YubiKey) for critical accounts, (5) browser with sandboxing (Firefox or Chrome with uBlock Origin), (6) regular offline backups. The VPN is a necessary brick, not a sufficient one. Our [complete VPN audit guide](/en/blog/complete-vpn-security-audit) explains how to verify your tunnel doesn't leak — an often-skipped step that makes the entire VPN investment pointless.

Remote work VPN 2026: security guide for employees and freelancers

Remote work has shifted the attack surface

Before 2020, most professional traffic transited the corporate network — managed firewalls, network segmentation, centralised monitoring. Mass remote work pushed the connection onto the employee's home WiFi, on consumer-grade routers (ISP boxes) that have never been audited, shared with vulnerable IoT devices (IP cameras, smart bulbs, old gaming consoles, Android TVs). The result is measurable: according to industry threat reports, 30–40% of corporate compromises in remote-work scenarios originate from a non-corporate device on the same LAN as the work machine.

The VPN doesn't eliminate all those risks but it does two useful things: it encrypts traffic leaving the work device toward the internet (a LAN attacker sees encrypted noise instead of exploitable packets), and it masks your real IP from third-party services — useful to limit cross-service correlations operated by ad-tech networks and data brokers.

Two VPN solutions for two distinct perimeters

Business VPN — mandated by IT

B2B solutions (NordLayer, Perimeter 81, Twingate, Tailscale Business, Cloudflare Zero Trust, Cisco AnyConnect, Palo Alto GlobalProtect) are not competitors to NordVPN — they answer a different need. They let IT:

Grant granular access to internal apps (intranet, ERP, files) without exposing the entire IS to the internet.
Enforce strong authentication (SSO + 2FA) on every session.
Log who connects to what, when, from which IP.
Instantly revoke a departing employee's access.

You don't choose this VPN — it's provided with a client to install, sometimes as a system-level agent. It activates automatically when you reach corporate resources and stays transparent for consumer traffic.

Consumer VPN — under your control

For your personal connection (and for your freelance activity if applicable), a serious consumer VPN covers most needs:

NordVPN — audited provider (Cure53, Deloitte), 6,200+ servers across 110+ countries, NordLynx protocol (custom WireGuard), system kill switch, reasonable pricing on 2-year commitment.
ProtonVPN — Swiss-based, open-source apps, transparent cryptography, usable free plan (limited to 3 countries, no bandwidth cap).
Mullvad — anonymous payment options (cash, crypto), no account creation (just a generated account number), annual public audits, but a thinner server network for streaming.

Common criteria for professional use: system kill switch enabled, DNS leak protection, WireGuard protocol, public audits < 24 months old.

Practical 5-minute setup

Install the desktop client on the personal device.
Settings → Kill Switch → enable Internet mode (system) — not the per-app mode.
Enable DNS leak protection (usually ON by default at NordVPN, but confirm).
Pick a server in your country or a neighbouring country (latency less than 30 ms for fluid video calls).
Test on vpn-leak-test-2026 — confirm your IP, DNS and WebRTC don't leak outside the tunnel.

If you also run the corporate VPN on the same machine, disable the personal VPN during work sessions (or use split-tunnelling to exempt corporate IS traffic from the personal VPN) — otherwise you create double-tunnelling that degrades latency and may trigger IT alerts.

Compliance side note

If you're an employer or IT lead, two points deserve explicit mention in the remote-work charter: (1) the monitoring scope of the corporate VPN (only traffic toward IS, or all device traffic?) — regulators in most jurisdictions require clear employee disclosure on this; (2) policy on coexisting personal VPN — banning it is legally feasible but hard to enforce; allowing it via split-tunnelling is generally the pragmatic path.

For freelancers billing GDPR-regulated clients (now near-universal in EU and increasingly in US/Canada via state laws), being able to document a personal encryption policy (VPN + disk encryption + password manager) eases sub-contractor audits — increasingly mandated in IT and consulting service contracts.

Continue reading

★ Audit Deloitte 2024 · ✓ Garantie 30 jours · 14M+ utilisateurs (source : NordVPN press)

Get NordVPN30 jours satisfait ou remboursé→