IoT: Should You Be Connecting Your Devices Via VPN?

As sensor-based IoT devices become more-available and more commonplace, should we be looking at using more sophisticated security to ensure the data they capture is kept safe? The dawn of the IoT has revolutionized just how helpful a home’s ‘standard’ appliances can be. Nowadays you can control your lights from outside the home, remotely monitor your home via CCTV, control your thermostat using your phone, turn on your oven, order from Amazon just by speaking out loud and tell your TV to cue up ‘Game of Thrones’ without touching the remote - just to mention a few examples. Your phone easily falls into this category with its ability to record, broadcast and geolocate you. 

One thing that might escape people’s attention is that all this data, by definition, is very private and very specific to you. Individually, these things may seem inconsequential. It might also escape people’s attention that this seemingly innocuous data may not be that well protected, depending on the level of security a manufacturer saw fit to implement. That’s also not to suggest that manufacturers simply aren’t bothering; it’s just that security requires power and resources that these devices often don’t have - for a variety of economical reason. 

The reality is, information on your health, shopping habits, location, and even any passing conversation are all being logged in whole or part by these various devices - and these devices can be susceptible to all sorts of loopholes, so much so that the phrase ‘IoT Security’ is considered an oxymoron by some.

Let’s be honest - do you really want people casing out your home via your own surveillance cameras or logging your conversations? How about if we apply this same scenario to your business; with strict new data laws popping up left, right and center - can you afford this sort of compromise? Conceptually, this can seem a little scary, but fortunately there is one step you can take at a relatively low cost that will help combat most of these threats. 

 A VPN & IoT Devices Work Hand-in-Hand 

In simple terms, your IoT devices connect via your internet connection and speak to their destination to achieve whatever it is you’ve asked the device to do. The problem comes when people, somewhere along the way, intercept that data, make a copy of it and then use it for their own purposes. 

You can dig far deeper into the function of a VPN here – but, essentially, A VPN negates this problem by basically encrypting, often to a military-grade level, all the traffic from point A (the device) to point B (the VPN server). Many companies who allow employees to work remotely will mandate that those employees connect to the companies’ business network using a VPN for this exact reason; sensitive data always takes a secure route to or from the local area network.

Should anyone get a hold of the data that’s being sent, they can’t really do anything meaningful with it. Not only does a VPN encrypt traffic - it usually allows you choose its exit point - basically anywhere in the world. This means that its verging on impossible to not only know what data is being transferred, but also where it originated from globally, and what IP it originated from. It basically creates a mask of privacy which all your traffic is passed through.

With this in place, attackers can’t attack your IoT devices, because they can’t see them in any meaningful way to gain access. This makes targeted Botnet and DDOS attacks much harder as you are effectively anonymous from a traffic perspective. Setting this up a router level will basically protect all data accessed and transmitted from any device on your network - which would include all your IoT devices.

Privacy Beyond Security 

So, as well as mitigating direct attacks and masking traffic from nefarious middle-men, a VPN naturally hides your content from all potential snoopers. This can include advertisers, trackers, government agencies and your own ISP. Because, to the outside world, you’re using a different IP to your actual IP, it becomes next to impossible to directly link your activity to your ISP provided IP. The ability to effectively spoof your IP address to anywhere in the world can have downsides, especially when it comes to geo-locked applications – but correct configuration will usually find a work-around.

Things to Consider

If your reason for getting a VPN is to protect your data, it’s probably a good idea to spend a little time finding a reputable VPN provider. There are many reputable paid providers out there - so finding a good one isn’t too hard - but if you’re hoping for a free service, you’ll want to make sure you’ve done a lot of homework – as ‘free’ often comes with downsides. 

For maximum privacy you need to select a VPN provider who has a no-logs policy. Since all data is getting encrypted speed can take a hit - how severe will depend on your connection and the total bandwidth available, although many modern connections shouldn’t notice too much of a loss.

Reliability is another thing - if you’re going to route all traffic through a VPN you want to make sure that something works. As a rule, the top providers have a great track record, but occasional hiccups may occur, whoever you provider is. The best way to get an idea of any given VPN’s reliability is to check user reviews – and, since no service can boast 100% uptime – it’s worth digging into whether the service provides a ‘killswitch’ – dropping your connection if the VPN fails – so you never find yourself suddenly exposed. 

Good VPNs come at a cost, but those costs are often very reasonable, especially if viewed as a security asset. Many plans allow multiple devices to connect to the VPN, and business orientated plans are sometimes work on a ‘per user’ basis instead. It’s also worth keeping an eye out for any data caps – as IoT devices often carry a lot of data. 


A VPN is a great option for most home and business users, especially those with an increasing number of IoT devices connected. Given the simplicity of setup - home users can sometimes be up and running in 10 minutes - the security benefits and privacy it brings make for a very savvy move when protecting your home and your sensor-based IoT devices from attack.