Most of us are well aware of the usual online scams and basic methods for avoiding issues while online. Though there are always more ways to protect yourself as well as friends and family members who commonly use your wi-fi network. These include utilizing a secure internet connection, implementing parental controls where applicable, not oversharing personal information on social media, and being extra careful when using public wi-fi. But are you doing enough to ensure your online safety? Since the third week of October is devoted to cybersecurity careers, we interviewed the renowned French cybersecurity professional Olivier Laurelli. He talked to us about his career choices and personal tips on how to stay safe online.
Interview With Olivier Laurelli, France’s #1 CyberSecurity Expert
Olivier Laurelli is not a casual user of the internet like most of us, but has a passion for cybersecurity that he has turned into a full-time job. Since 2009, he is also the co-founder and editor-in-chief of the independent online magazine reflets.info, specialized in the field of digital and information systems security.
Q: In France, you are known as a cybersecurity expert, or even, ‘net hooligan’. But could you introduce yourself a little bit to our international audience?
A: I am an "old hacker" and I work in computer security, focusing on offensive penetration tests. So I'm the one who breaks everything, a kind of hooligan but more legal. I am also co-founder of a small online medium: reflets.info - Journal d'investigation en ligne et d'information hacking. I'm interested in computer security, privacy and digital surveillance technologies.
Q: According to a recent Forbes article, 2020 and the aftermath of the pandemic made more people live life online than ever before. It is no surprise that simultaneously, the amount of online fraud and phishing scams have also risen exponentially. Do you think this issue will be solved in the near future?
A: No, unfortunately, there is no miracle solution for increasing online safety on a global scale. However, it is important to enhance online security at the individual level. It all starts with good "computer hygiene". The basis is to check that your web browsers recognize the site as being encrypted in the secure form of “https”, and that the https:// certificate is indeed that of the site it claims to be. In case of doubt, use free tools to check the seriousness of the site in question.
Q: How do you pay online yourself? And why?
A: Credit card and PayPal mostly because it's easy and efficient. I do a lot of online shopping on well-known brand websites. On other platforms, I am very careful that it is not a third-party seller or simply make sure that the seller is a trusted one. For example, when I search for a product on Amazon, I know that I will come across third-party resellers most of the time. In that case, I rely on the reviews and comments on the product and paying close attention to the latest and worst ones.
Q: What do you think about prepaid cards to make online purchases (such as Neosurf, paysafecard, ecoVoucher or TransCash)? Have you ever used them?
A: I have never tested them. I understand the principle, but I am not certain that this type of "barrier" is more efficient than good "computer hygiene". However, it also depends on the age group. I can't see my elderly father using this type of card, it might be complicated for him, but for my children (almost teenagers) it's an interesting product to control online purchases and learn how to manage a budget.
Q: Have you ever had a bad online shopping experience yourself?
A: Yes, like everyone else. More than once, I didn't buy on a website because I found some of its security mechanisms dubious (typically: sending passwords in clear text when creating an account automatically disqualifies an online merchant). I still regularly report vulnerabilities to the teams of these sites.
Q: What special measures do you take when you shop online personally? Are there any special checks? Tips?
A: Encrypt, end-to-end, always encrypt. Encryption is a specific process to distort data to make it unrecognizable and unreadable. I advise you to download and use daily secured applications that are based on these algorithms to protect your privacy and security. Moreover, also check the full domain name of the website. It is also important to isolate and partition your activities on the internet between professional and personal use, with different sessions or adapted tools. All operating systems offer the creation of multiple accounts. You can even use another operating system for your personal use like Linux.
Q: For people who mainly use their cell phones or other mobile devices for surfing the internet and shopping, what do you advise?
A: Install and use trusted security software on your mobile phone, and update your operating systems and applications. Also prefer the latest models from cell phone manufacturers, the maintenance of the versions and the security will be of better quality. And above all, read your screen before and after clicking: check the full address of the website, not only the “https” and look for the padlock symbol.
Q: Do you have anything else you would like to share? Some advice, general comments or questions to us, perhaps?
A: Yes. In general: never access an eCommerce site by clicking on a link, but type the url yourself in the bar of your browser. Also, be careful - don't type everything and anything in your search bar as if it were your confidant. Everything is tracked and recorded and sensitive data is shared with authorities if necessary. Alternate search engines, I advise you to download Duckduckgo which is a very good tool with a strict policy with the use of your private data. And another tip: use and abuse of pseudonymity online, this is a useful security measure to enhance privacy. Above all, use a unique password that is and will never be used elsewhere. A password manager, like lastpass or keepass, can help you avoid identity theft and other forms of online fraud.
Besides, creating an account on a site does not bother me as long as the management of the personal data I transmit with the rights of use that I grant to the site is appropriate to me and remains in conformity with the European regulation on the protection of personal data. If you are offered to create an account with Apple, Google or Facebook authentication, check the permissions that this implies. More specifically, double-check what information the website gets and what access it requests: only view your public profile or more like edit or manage your Google or Facebook account. Better yet, create an account with an email address dedicated to receiving spam and advertisements, since that is what it is mainly used for by the merchant and the advertising partners.
Top 7 Tips From Our CyberSecurity Expert
To summarize the gist of our cybersecurity expert's advice, it’s important to maintain “good online hygiene”, which is another way to be cyber smart. Don't be discouraged! There is no issue with maintaining your online activities, social networking, and downloading your favorite content. However, there are ways to better protect yourself by improving your privacy settings and following the advice of experts. Olivier Laurelli's top 7 online safety tips are here to help you prioritize the first steps to take for your online safety.
Protect your identity: use pseudonymity, alternate search engines.
Check the permissions you give to a site when you sign up with an existing (Google or Facebook) account; better yet: create an email address that you use only for creating online accounts. In this way, you will keep your personal information private.
Use unique strong passwords for all your accounts with a password manager.
Read your screen before and after clicking. Check the full domain name and the secure form “https”.
Create multiple accounts on your operating system and at least two email addresses. It's important to separate personal and business uses.
Update your device regularly: operating systems and apps.
Rely on the reviews and comments on the product and especially look at the latest and worst ones.
Want to make online security your full-time job too? Then attend CyberSecurity Career Awareness Week to learn more about professional opportunities in this exciting and growing field.
Want to learn more about online security? October is CyberSecurity Awareness Month. We have joined the cause this 2021 and do our part to cover this topic in our articles. Discover the 6 basics tips to be cybersmart, learn to spot and prevent phishing and how to create and store safe passwords.
Stay tuned to #CyberSecurityAwareness, #CyberSecMonth and, of course, #ThinkB4UClick on social media.