VPNs solve some problems and not others. Here's what they actually do and when they're worth turning on.
VPNs are oversold and undersold at the same time. They solve a specific set of problems that genuinely matter on public WiFi — and they're useless against a separate set that ALSO matters. Here's what they actually do, when to use them, and what they won't fix.
On public WiFi, anyone else on the same network can normally see which websites you visit (even with HTTPS), how long, and roughly what kind of traffic. A VPN creates an encrypted tunnel from your device to the VPN provider — the cafe sees nothing but encrypted noise. The websites you visit see traffic coming from the VPN provider, not from the cafe.
A VPN encrypts your connection to the server you choose to visit. If you visit a phishing site, the VPN happily encrypts your traffic to the phishing site. The VPN never inspects the content. The protection layer is connection-level, not decision-level. You can still get scammed.
Any network without a password (or with a password printed on a sign that everyone has) is open in the security sense. On these, a VPN materially helps. It removes the WiFi-network attacker from the picture entirely — they see only encrypted traffic going to your VPN provider, never the actual destinations.
On your own WiFi or on 4G/5G, there isn't a snooper to defend against. A VPN doesn't make these connections meaningfully safer — it just adds latency. Save the VPN for actual public networks.
Avoid free VPNs — many sell your browsing data. Mullvad and Proton are reputable, take cash, and don't keep logs. If your business has set up a corporate VPN (via Microsoft Entra or similar), use that one for work browsing — it adds an audit trail your IT team can see if anything goes wrong.
For managed M365 tenants, you can configure VPN to auto-connect whenever the device is off the corporate network. Users don't have to think about it. whedo.it sets this up for managed clients as part of the security baseline — see the Azure & Security page.
VPNs are one layer of public-network safety. The other layers matter too.
Setup is a one-shot exercise — Conditional Access policy, device enrolment via Intune, auto-connect script. Once done, every device on the tenant is protected on every network forever. About four hours of work for a typical SMB.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director