Don't Get Hacked: Expert Tips For Online Security - Interview With Val Vesa

Staying safe online isn’t just an IT problem – it’s everyday hygiene. If you bank, shop, work, or share family photos on the internet, this episode will show you the few habits that block most real‑world attacks without turning you into a security expert.

On this episode of Osom To Know, we sit down with Val Vesa – Community Manager at Cloudflare, social media strategist, and long‑time security advocate. At Cloudflare, he works with global communities and customers around safety best practices and incident awareness. He’s known for turning complex security topics into simple, everyday actions anyone can follow. We cover the everyday mistakes that get people hacked and the simple, repeatable habits that dramatically reduce risk.

💡 From passwords and 2FA to phishing, public Wi‑Fi, and oversharing on social media, Val’s guidance is direct and usable. Invite your family to watch with you – these are tips everyone can apply, whether you’re a parent, student, or CTO.

Password Hygiene: Length, Managers, 2FA, and Hardware Keys

Most attacks don’t require genius – just weak passwords and predictable habits. Weak, guessable passwords are the fastest way into your accounts, so ditch anything predictable: switch to long, unique passphrases generated and stored in a password manager, and add multi‑factor authentication.

I usually create all my passwords with a minimum of 50 characters.

Val’s baseline:

  • Long, unique passwords for every account (use a manager; don’t memorize).
  • Strong master password for the manager itself, protected with 2FA (no SMS if you can avoid it) and, ideally, a physical security key.

Phishing Defense: Slow Down, Check the URL, Verify

Phishing works because we rush. Treat login prompts and “reset your password” emails as high‑risk until proven safe – especially when they look perfect.

I always look at the address bar… I put my mouse cursor inside the URL and then everything is visible. I read it and I’m like yeah, I’m on the right one.

When in doubt, report suspicious emails internally first and let security review them. Treat false positives as healthy signals—it’s better to escalate and close than to miss a real threat. Encourage over‑reporting with fast triage and clear feedback so people keep raising a hand when something feels off.
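The address-bar check described above, written out as code. This is an added example, not material from the interview or from Osom; the domain example-bank.com and every sample URL are constructed placeholders.

```javascript
// Added example: decide whether a link really points at the site you expect.
// "example-bank.com" and all sample URLs are constructed placeholders.
function checkLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is login info, not the site name.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the site; real host is " + url.hostname };
  }
  // URL lowercases the host and converts non-ASCII letters to "xn--" punycode.
  const host = url.hostname;
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "look-alike characters in host " + host };
  }
  // The expected domain must be the END of the host, on a dot boundary.
  if (host === expectedDomain || host.endsWith("." + expectedDomain)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + expectedDomain };
}

// Constructed samples: one genuine link and the usual ways a link can mislead.
const SAMPLES = [
  "https://www.example-bank.com/login",
  "https://example-bank.com.account-verify.test/login", // real domain is the right-hand end
  "https://example-bank.com@other-site.test/login",     // "@" trick
  "https://secure-example-bank.com/login",              // different domain, similar name
  "https://ex\u0430mple-bank.com/login",                // Cyrillic "a" in place of Latin "a"
  "http://example-bank.com/login",                      // no encryption
];

for (const sample of SAMPLES) {
  const result = checkLoginUrl(sample, "example-bank.com");
  console.log((result.ok ? "OK     " : "REJECT ") + sample + " -> " + result.reason);
}
```

Only the first sample passes; in each of the others the expected name appears somewhere in the text, but it is not the host the browser would actually connect to.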

 

Public Wi‑Fi and VPNs: Safer Connectivity Choices

Airport and café networks are a gift to attackers. Prefer mobile data or, if you must use Wi‑Fi, encrypt traffic and understand what your VPN provider logs and where data is stored.

I never use WiFi anywhere I go. I try not to use WiFi as much as possible.

If you rely on a VPN, confirm jurisdiction, retention, and deletion pathways (e.g., GDPR rights for EU users). Free isn’t free if your traffic becomes someone else’s product.

 

Online Security on Social Media: OPSEC for Photos, DMs, and Data Trails

Oversharing fuels targeted attacks. Before posting, check frames for booking codes, credit‑card digits, room keys, whiteboard details, or browser bookmarks visible in screenshots.

The less information we share on social media that can identify us specifically, it’s only going to build up more security for us online.

Clean up sensitive DMs, and learn platform features that let you unsend or delete messages. Assume an attacker will patiently gather breadcrumbs over time.

 

Simple Security Habits That Work

Security isn’t intuitive – build routines that even teenagers and grandparents can follow. Use a separate credentials email for account recovery, enable 2FA everywhere, and rotate important passwords regularly.

Always assume you are going to be hacked. Always.

Teach family members to spot fake antivirus popups and “urgent” prompts, and to pause before tapping OK. Make a household rule: if a pop‑up demands immediate action or payment, close the window and go to the official website or app to verify instead.

 

Online Security for Teams

Slack and email are terrible places to store credentials. Use an enterprise password manager with shared vaults, and share credentials through its role‑based permissions instead of DMs or channels.

If somebody hacks into that Slack instance and discovers your passwords… It’s your fault.

Treat credentials like production code: review access regularly, remove stale accounts, and log changes. Make it easy – and expected – to flag suspicious activity, with a clear reporting channel and quick triage, so small signals become fixes before they turn into incidents.

Quick Online Security Checklist

  • Use a password manager; unique passwords everywhere.
  • Turn on 2FA (avoid SMS; prefer authenticator apps or hardware keys).
  • Avoid public Wi‑Fi; if you must, encrypt traffic and vet your VPN.
  • Audit your social posts and DMs for sensitive info; remove what you can.
  • Never share passwords via Slack/email; use a shared vault instead.
  • Report phishing or suspicious prompts – better a false alarm than silence.

 

Full conversation with Val Vesa

Want to hear the full conversation with Val? Check out the latest 🎙️ Osom to Know podcast.
