What a VPN Actually Does (and Doesn’t Do)
A VPN — Virtual Private Network — creates an encrypted tunnel between your device and the internet. Think of it like a private road versus a public highway. When you browse without a VPN on public Wi-Fi, your traffic is visible to anyone on that same network who knows how to look. A VPN encrypts that traffic so even if someone intercepts it, they can’t read it.
It also masks your IP address, replacing it with one from the VPN server’s location. That’s why people use VPNs to appear as if they’re browsing from a different city or country.
What a VPN doesn’t do: it doesn’t make you completely anonymous, it doesn’t protect you from clicking a phishing link, and it doesn’t replace strong passwords or multi-factor authentication. It’s one layer — an important one in the right context — not a silver bullet.
“A VPN protects your data in transit. It doesn’t protect you from your own decisions.”
When You Absolutely Should Use a VPN
Public Wi-Fi — Coffee Shops, Airports, Hotels
This is the classic use case, and it’s still valid. When you connect to an open or shared Wi-Fi network — a coffee shop, an airport lounge, a hotel lobby — you’re sharing that network with strangers. A motivated attacker can run what’s called a man-in-the-middle attack and potentially capture unencrypted data flowing over that network.
If you’re an attorney accessing client files remotely, a business owner sending invoices, or an employee checking company email — that data deserves protection. Turn on your VPN before you connect on any unfamiliar network.
Airbnb and Short-Term Rental Networks
A lot of remote workers stay in Airbnbs while traveling. These networks are semi-public — you don’t know who set them up, how they’re configured, or who has the credentials. I personally treat any Airbnb or short-term rental Wi-Fi the same as a hotel network: VPN goes on before anything else.
On Your Phone — Away from Trusted Networks
Your phone is constantly connecting to networks — gym Wi-Fi, a client’s guest network, a restaurant hotspot. Many people protect their laptop but forget the phone handles email, files, and apps with equal sensitivity. I use Proton VPN on my phone anytime I’m on unfamiliar Wi-Fi. It’s free, runs on Android and iOS, and doesn’t require a paid subscription for the core protection you need.
For my laptop, I work primarily off my Verizon hotspot when I’m away from my home office — which means I’m already on a private, carrier-encrypted connection and generally don’t need a VPN on top of that. For my phone on public Wi-Fi, I run Proton VPN’s free tier. It’s a simple, lightweight layer of protection that costs nothing and runs quietly in the background.
When You Can (and Should) Skip the VPN
Your Home Office Network
Your home network — password protected, managed by you — is a trusted environment. A VPN here adds latency without meaningful security benefit. Save the overhead.
A Client’s Office Network
This one surprises people. If you’re an IT consultant or contractor working inside a client’s office, running a personal VPN can actually create problems. Many businesses have network monitoring, firewall rules, and audit logging in place — especially law firms and financial services companies that operate under compliance requirements. A VPN tunneling your traffic out of their network can trigger alerts, bypass their monitoring, and in some cases violate their IT policies. When I’m working on-site at a client’s office, I connect directly to their network without a personal VPN. That’s both professional and appropriate.
Your Cellular Data Connection
When you’re on LTE or 5G — not connected to any Wi-Fi — your carrier is already encrypting your connection. A VPN adds minimal security benefit here and will just slow things down. I use my Verizon hotspot specifically for this reason when I need a clean, reliable, private connection on the road.
Free vs. Paid VPNs: What’s the Difference?
The VPN market is flooded with options, and a lot of free ones come with real trade-offs. Some free VPN providers log your activity and sell that data — which is exactly what you’re trying to avoid. Not all are bad, but you need to choose carefully.
Proton VPN is the exception I consistently recommend for the free tier. It’s based in Switzerland, has a verified no-logs policy, and has been independently audited. The free version limits you to one device and slower speeds, but for basic protection on your phone or laptop when traveling, it does the job.
For business users who need faster speeds, multiple simultaneous connections, or more server locations, a paid plan from Proton, Mullvad, or NordVPN Business is worth considering. Expect to pay $5–$10/month per user depending on the plan.
A Word for Law Firm Staff and Legal Professionals
If you handle client communications, case files, or any privileged information remotely — VPN isn’t optional, it’s a professional responsibility consideration. The ABA has weighed in that attorneys have a duty to take reasonable precautions to protect client data in transit. Using a VPN on public or untrusted networks is a straightforward, low-cost way to demonstrate that due diligence.
It doesn’t have to be complicated. Proton VPN on your phone, a paid plan on your laptop, and the awareness of when to use it — that’s 90% of what most small law firms and professional services offices need.
The Bottom Line
A VPN is a tool — not a lifestyle. Use it when you’re on networks you don’t control. Skip it when you’re in trusted environments. And if you want to go a layer deeper, my next post covers travel routers: hardware devices that let you create your own secure private network anywhere — and yes, you can run your VPN directly through them.
Want to take this a step further? Read the companion post: Travel Routers — Your Own Secure Network, Anywhere →
Questions About Securing Your Business on the Go?
Whether you’re a solo professional, a law firm, or a small business owner — I can help you build a simple, practical security setup that actually fits your workflow.
Schedule a Free Consultation