If insecure protocols must be used, what is the recommended approach to data protection?

When you must use insecure protocols, the protective approach is to encrypt all data in transit. Encrypting every bit of transmitted information ensures confidentiality and integrity even if the underlying protocol is weak, so intercepted traffic reveals nothing readable and tampering is detectable. Encrypting only some packets leaves gaps that an attacker can exploit, making it easier to capture sensitive data. Relying on plaintext plus a VPN as the only defense isn’t enough because parts of the communication can still leak information or be exposed if the VPN or its configuration is compromised. Implement robust transport or application-layer encryption (for example, TLS/SSL, IPsec, or a secure VPN tunnel) and manage keys and cipher suites properly to maximize protection.