jd1114

asked on
Is it risky to use a 3rd-party VPN service such as NordVPN for a business?

Is it risky to use a 3rd-party VPN service such as NordVPN for a business? The goal is to make it harder for attackers to break into the office through the Internet. The goal is not to allow people to connect to the office remotely. The line of thought is that forcing all office Internet traffic through a VPN would make it harder for an attacker to target the office because the VPN would make the office Internet connection anonymous.

Would using a VPN in this way negate the protections provided by a NAT router?  What about if the router itself is configured to make the VPN connection for the whole office instead of having each individual client computer connect?  Which is the best way to do it?
ASKER CERTIFIED SOLUTION
Dr. Klahn

This solution is only available to members.
I am using the NordVPN paid version. In my opinion, using a VPN is sometimes not secure, because you don't know what happens behind the wall. When we secure our endpoint devices, most of them are connected with a defined IP address (your office IP address), but when we use a VPN service these security policies stop working in the meantime.

So, your concern is right: using VPN services is not secure.
Dr. Klahn wrote a number of good points. I'll try to add some more.

The goal is to make it harder for attackers to break into the office through the Internet.
Having sound security policies is one of the first things. Harden your systems. Make sure not to leave any unnecessary services enabled. If you're hosting externally facing systems, then you need to take appropriate measures. For example, if you're hosting a website, then you had better be using SSL certificates and only allowing TLS connections. Also, you should have a WAF and DDoS protections in place. And have that web server ONLY accept connections from your WAF.

The goal is not to allow people to connect to the office remotely.
Notice you said you don't want to allow people to connect remotely, which is different from saying you don't want to allow unauthorized remote connections. If you haven't granted users access to your own VPN, that's one major boost. Not allowing inbound RDP connections to systems on the network is another. (Then again, you shouldn't be allowing any unauthorized connections from the outside.) Preventing users from installing software on their computers is also going to be another major step, because someone *will* try to throw on an application such as TeamViewer. Also block access to these types of services at the proxy (if you use one) or router level. If your goal is not to allow unauthorized connections, then I would try to implement MFA on systems that require remote logon (e.g. your own VPN, webmail, etc.).

The line of thought is that forcing all office Internet traffic through a VPN would make it harder for an attacker to target the office because the VPN would make the office Internet connection anonymous.
Harder to trace for many, maybe. Purely anonymous... good luck. See Dr. Klahn's comments.

Sending out traffic via a VPN service isn't going to change where you're sitting to begin with. So if someone was just scanning public IP addresses, yours is going to get found sooner or later. You're really not solving any issues.
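An added example, not code from any of the posts in this thread: a small Python policy check that models the inbound posture the answer above recommends (no inbound RDP from the Internet, the web port reachable only from the WAF's address ranges, the office's own VPN port reachable only from one small allowed range) and runs it over constructed iptables-style log lines. The ports, address ranges, the office address 192.0.2.10 and the log lines are all constructed assumptions.

```python
import ipaddress

# Hypothetical policy: (dst_port, proto) -> source networks allowed to reach it.
# Anything not listed is dropped; RDP (3389) is deliberately absent, so it can
# never be reached from outside. All ranges are constructed documentation addresses.
POLICY = {
    (443, "tcp"): ["203.0.113.0/24"],    # constructed: the WAF's egress range
    (1194, "udp"): ["198.51.100.0/28"],  # constructed: office VPN, one small branch range
}
POLICY_NETS = {k: [ipaddress.ip_network(n) for n in v] for k, v in POLICY.items()}


def decide(src: str, dport: int, proto: str) -> str:
    """Return 'ACCEPT' or 'DROP' for a single inbound connection attempt."""
    nets = POLICY_NETS.get((dport, proto.lower()))
    if nets is None:
        return "DROP"  # port is not exposed at all (covers 3389, 22, ...)
    addr = ipaddress.ip_address(src)
    return "ACCEPT" if any(addr in net for net in nets) else "DROP"


def parse_line(line: str):
    """Pull SRC, DPT and PROTO out of an iptables LOG-style line, or return None."""
    fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    try:
        return fields["SRC"], int(fields["DPT"]), fields["PROTO"]
    except (KeyError, ValueError):
        return None


def evaluate(log_lines):
    """Return (src, dport, proto, decision) for every parseable log line."""
    results = []
    for line in log_lines:
        parsed = parse_line(line)
        if parsed:
            src, dport, proto = parsed
            results.append((src, dport, proto, decide(src, dport, proto)))
    return results


# Constructed sample log lines; 192.0.2.10 stands in for the office's public address.
SAMPLE_LOG = [
    "IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443",     # via WAF
    "IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=443",  # bypasses WAF
    "IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=3389", # RDP probe
    "IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=UDP SPT=1194 DPT=1194",    # VPN, allowed
    "IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 PROTO=UDP SPT=1194 DPT=1194",  # VPN, outside range
]

if __name__ == "__main__":
    for src, dport, proto, verdict in evaluate(SAMPLE_LOG):
        print(f"{verdict:6} {proto}/{dport} from {src}")
```

The point the answer makes is visible in the output: the scanner's source address is judged against the office's real public address, so routing the office's outbound browsing through a privacy VPN changes none of these decisions.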
No.

Because VPNs provide no additional security over SSL.

VPNs only provide slower network connections.

VPNs will never protect against hackers breaking into machines.
The only way a hacker can break into a machine is if the machine is running some software which can be hacked.

Over the past 20+ years Linux kernels have had a few zero days.

Windows on the other hand... wow... you can search the vulnerability databases for all the Windows hacks.

If you really think about what your best protection is:

VPNs offer nothing. Never have. Never will.

Switching to running only Linux + OSX (Macs), to me, is far better.

Since I switched... almost 20 years ago now, I went from being hacked continually to not a single hack since I switched.
NordVPN and other services like it are an external privacy VPN and a redirect VPN. They are not meant to provide security. They are meant to protect you from the prying eyes of the web site trying to find your IP and attempt to geolocate you. If you visit a banking site, you are wasting your VPN access. Security is provided by the SSL-connected site that you visit. This is different from a dedicated office VPN.

The dedicated office VPN secures the connection between an external remote system of your choosing and your internal office networks. It's for securing your internal office networks. These provide privacy from external attacks and secure your workplace's confidential information from prying eyes. They are meant for different things and operate differently.
jd1114

ASKER

Thank you everyone for your comments. It may sound silly of me to ask at this point, but does using an external privacy VPN (like NordVPN) for business Internet access provide any security benefits?
jd1114

ASKER

In other words, does using an external privacy VPN do anything to help keep hackers out -- even considering the potential that it may be providing "security by obscurity"?
No. That's not what it's for.
In other words, does using an external privacy VPN do anything to help keep hackers out -- even considering the potential that it may be providing "security by obscurity"?
The only thing you'd be remotely obscuring is your location, and that may cause you issues. So you'd potentially be causing more issues than you'd be solving. However, someone scanning the internet for open ports on your firewall is not going to get misdirected by your VPN use because they're not even paying attention to that traffic to begin with. They're more generally looking at IP addresses to target. There was a reason why I posted this in my last comment: "Sending out traffic via a VPN service isn't going to change where you're sitting to begin with. So if someone was just scanning public IP addresses, yours is going to get found sooner or later. You're really not solving any issues."
jd1114

ASKER

Thank you all for the help.
For me, I will increase security such that the VPN login only touches a minimum IP range and port, and I will add extra login authentication on some software such as Remote Desktop.