Is it risky to use a 3rd-party VPN service such as NordVPN for a business? The goal is to make it harder for attackers to break in to the office through the Internet. The goal is not to allow people to connect to the office remotely. The line of thought is that forcing all office Internet traffic through a VPN would make it harder for an attacker to target the office because the VPN would make the office Internet connection anonymous.
Would using a VPN in this way negate the protections provided by a NAT router? What about if the router itself is configured to make the VPN connection for the whole office instead of having each individual client computer connect? Which is the best way to do it?