VPNs are password protected. Unless someone has the password and access, no one will be able to easily, if at all, access our data in transit to its destination and if they do it will be in gobbledygook.
As long, that is, as the attacker doesn’t already have access to our computer. If an attacker can access our computer, they can fire up and log into our VPN client – or watch or take action while we do; and, access what we can on our corporate network and do with that access and data what we can – including propagating infections and backdoors like RATs.
With a VPN the organisation needs to weigh up the risk of increasing entry points that potentially make it vulnerable with the benefit of remote access for employees and other users. A VPN does, however make our organisations a harder target than if remote communications were to be allowed unencrypted.
See also encryption.