“This poses a major threat to industries with mobile, remote, or hybrid workforces, including finance, healthcare, legal, technology, consulting, and media. For employees who frequently travel or use BYOD, the risks are even higher as they may download free VPNs for personal privacy or to bypass geo-blocks,” said Pareekh Jain, CEO at EIIRTrend & Pareekh Consulting.
Organizations with younger, tech-savvy workforces may also see higher adoption of free VPNs, since employees often experiment with consumer-grade tools outside IT’s visibility, said Manish Rawat, analyst at TechInsights.
Many enterprises also lack formal governance of browser extensions. Jain noted that some mature organizations use endpoint management or secure browser policies, but many rely on default Chrome/Edge settings. This leaves a major blind spot as extensions can be installed without security review, persist after turning malicious, and remain invisible to traditional vulnerability management systems.