On Feb. 13, Director of IT Operations Chris Golden sent a mass email to Lee students, stating that unauthorized VPNs will not be allowed for on-campus use as of Feb. 17.

A virtual private network — commonly abbreviated as VPN — allows users to connect to other devices via a network for the sake of increased security and anonymity.

“For people who don’t know what they are, I described [VPNs] like this to the faculty [and] staff,” Golden said. “If you wanted to smuggle something from Mexico to the United States and didn’t want border patrol to see what you had, you would build a tunnel and smuggle everything through that tunnel so that border patrol never sees what you are moving. That same thing happens with VPNs.”

Senior computer science major and off-campus student Johnny McGuire has regularly used a VPN to protect his device.

“To put it simply, using a VPN provides security,” McGuire said. “It creates a private IP address where your connection is encrypted.”

VPNs allow users to hide their internet protocol (IP) address — a label assigned to devices connected to a network for identification purposes.

“When you are on the internet, you are constantly receiving and sending data from your IP address,” McGuire said. “The VPN helps encrypt and secure you from threats that can be found on the internet.”

VPNs also allow on-campus users to bypass Lee’s network firewalls, enabling access from everything to blocked content to hazards like ransomware — a type of digital attack where a user’s data is encrypted until a ransom is paid.

While VPNs grant users greater freedom to browse the internet without a need to worry about potential watchful eyes, Golden said they also pose a risk to the security of individuals and the networks they use.

“[VPNs] could put our network at risk [of] malicious activity and ransomware attacks,” Golden said. “In 2019, the costs to recover from ransomware attacks increased by over 200%, and most of those attacks started with phishing. Experts predict that in 2020 ransomware attacks will double. That’s scary.”

The recent change in IT security policy toward VPNs was motivated by the IT Operations Department’s concern for the risks VPNs pose to Lee’s network.

“Our student network right now is full of devices that are bots or [are] infected with other malware that we block while these devices are on the network,” Golden said. “VPNs bypass all of those protections on top of blinding us to what’s really happening.”

Students and staff may still use VPNs to their liking, so long as such usage occurs off-campus.

“If you want to use a VPN while off-campus, that’s great,” Golden said. “There are a lot of great use cases for VPNs — privacy, accountability or security — and if you are concerned about these things, VPNs can be an additional ‘layer’ of security.”

Golden further encouraged students and staff to “start making better decisions about what we click on or download,” emphasizing the importance of exercising cautious judgment while browsing the web.

“There’s a really funny saying, ‘you aren’t paranoid if they really are out to get you’. If you haven’t figured it out by now, they are out to get you,” Golden said.

For more information about the change in policy toward VPNs, contact helpdesk@leeuniversity.edu.