What online privacy means to our team
Top tips from our in-house cybersecurity experts
Here at ExpressVPN, we don't stop thinking about digital privacy and security when we leave the office or sign off Slack for the night—it's part of our everyday lives. Find out how the pros protect themselves online, at the office, at home, and on the go.
You probably wouldn't be surprised to learn that just about everyone at ExpressVPN is passionate about online privacy. But, like in any group of people, some of our employees have gained a reputation for taking their privacy game to the next level.
We sat down with three of our Cybersecurity staffers—let's call them “Alice,” “Bob,” and “Charlie”—to find out how they protect themselves online, at the office, at home, and on the go.
Meet the experts
Bob has led teams in digital forensics and security engineering at banks, tech companies, and the public sector for more than 15 years before joining ExpressVPN. He loves hiking, animals, and video games.
Alice studied cybersecurity in college and spent several years as a security consultant for local companies. She loves sports and games of all kinds, but especially tennis.
Charlie has been coding since he was a child, winning team and individual hacking competitions before starting his career in application security. He loves nature, reading, and meditation.
Top online security questions answered
What’s one thing you do every day to increase your online privacy?
Alice: Use ExpressVPN! I’ve actually been a customer for years, even before I started working here.
Charlie: I set up my home router to use ExpressVPN so that my family and I are protected and we can easily access content from anywhere. That way, I don't have to think about whether the VPN is on, because it's always on!
Has working at a VPN company changed the way you think about online privacy?
Alice: Most definitely. I think it has shown me even more clearly just how important privacy is when using the internet.
Charlie: I think the most exciting thing for me when I started working here was learning about the sheer number of people concerned about online privacy. The scale is enormous—and growing—and I am glad I can be a part of that movement.
Bob: Many people have many different reasons for privacy and all of them are valid. Of particular note, working at a VPN company has made me realize what a tremendous amount of trust customers are placing in our product. When people send data that might typically be blocked by an oppressive government, they are essentially trusting us with their livelihoods.
Are your privacy habits different at the office vs. at home vs. out and about?
Bob: My privacy habits are the same everywhere. I believe keeping your own data to yourself is imperative at all times and should be a lifestyle, not just something you do during specific portions of your day. The speed of ExpressVPN and our Lightway protocol enables the VPN to reconnect super fast even when going in and out of elevators, ensuring that it is not a burden to properly protect yourself.
Charlie: I tend to be paranoid (or as my wife would argue, overly paranoid) about my online accounts. I literally have a keychain of Yubikeys for 2FA (two-factor authentication) access into different accounts, so my habits on and off work aren't that different. Of course, I work in security so this is somewhat expected.
Alice: My privacy habits are the same wherever I am. As long as I am using any application that accesses the internet, my VPN is enabled. There have been incidents where companies have compelled ISPs to turn over their customers’ personally identifying information; I definitely do not agree with this. My VPN has been always-on since then!
What’s one privacy tip you think everyone should do, but 99% of people don’t?
Charlie: Use disposable, one-time emails for one-off registrations. Bad guys love to correlate email addresses and spray passwords that were dumped in password leaks, so using one-off emails is the best way to avoid becoming a victim of such attacks.
What’s a popular privacy tip that’s actually a myth, overrated, or obsolete?
Bob: The idea that all VPNs are equal, in particular that the “free” VPNs don't come at a “cost” of stealing your data. Also, the myth that only rich and/or famous people need to worry about privacy and security.
Charlie: Changing passwords regularly as a baseline policy is debatably overrated. It's a defense of marginal benefit compared to other things you could be doing, e.g. 2FA and using a password manager to store unique passwords for each service you use.
Would you have any different suggestions for someone who works from home vs. in an office?
Bob: Keep your office data separate from your personal data; try not to mix them. It's a good best practice and a good habit to start if you can.
Charlie: I think being at home often gives the illusion that things are safer, and it becomes tempting to do your own personal browsing on the corporate laptop in a home setting. My suggestion is to resist the temptation and do all personal browsing on your personal devices! A lot of valuable data is stored on your corporate devices so it’s best not to risk company assets.
Alice: If this question is about using a VPN, no. You should always value your privacy regardless of where you are located. Most large corporate settings have their own VPN network setup on work-issued devices. You should not log in to your personal accounts with work-issued devices, because that would be akin to giving up your privacy to your employers!
What would you say to a person who says “I’m not worried about privacy because I have nothing to hide”?
Bob: This is one of the most infuriating comments I hear from people. All of your data is valuable whether you realize it or not. Your habits, lifestyle, who you are, and what you like are leveraged by numerous companies on the internet. Additionally, good privacy practices naturally lead to good security practices and I can assure you that all malicious actors want access to your bank account!
Charlie: I previously thought that too, but experience has taught me otherwise. I once received an email from a cybercriminal threatening to leak a password that I had previously used for one of my personal email addresses unless I transferred some Bitcoin to them. You have to consider that, in our modern information ecosystem, tons of personal data is stored online and linked to your personal email address (your credit card statements, your bills, sometimes even your taxes). I contend it is impossible to have nothing to hide online. Unless you don't use the internet!
Thankfully, the password was an old one and I had already changed it years ago. And the account was protected by 2FA so I wasn't too concerned. But if it was someone less tech-savvy, like some of the elderly folks in my family, they would have had a shock if they received an email like that. I immediately got them a password manager for their passwords and enabled 2FA on their accounts, and never looked back.
Any other tips you’d like to share?
Alice: One tip I would add is to pay close attention to the permissions you give to applications on your mobile devices. A lot of people blindly press “Yes” to application pop-ups, when these pop-ups are requesting to store cookies or access sensitive information like your location. Assess these permissions on a case-by-case basis. For example, does Candy Crush really need to know your location?
Bob: This is more of a security tip than a privacy tip, but if a bank or third-party service calls wanting to speak with you, call them back on an official number you have for that organization. This completely neutralizes scam phone calls and messages. Similarly, don't ever click on links to what you think is your bank. Log in to the official bank website manually and then you'll have access to any valid messages from there. In short, don’t trust the information people send you; seek it out from the source.
Do you share our passion for online privacy and security? Click below to learn more about all our departments and check out our current job openings!