Cybersecurity Pro Vlad Cristescu on The One Thing You Can Do Today to Protect Your Accounts

ZeroBounce’s Head of Cybersecurity talks about the most common threats that can affect your business – and shares one simple thing you can do now to keep your online accounts secure.

When it comes to securing your business, email database hygiene and cybersecurity are perfect partners. That’s why we sat down with someone who lives at the intersection of both. 

In this fast-paced chat with ZeroBounce’s Head of Cybersecurity, Vlad Cristescu, we talk about simple, clever ways to keep your personal and company emails — and all your online info — safe and secure.

When you focus on anticipating online risks instead of frantically responding to them, you’ll save yourself a lot of heartache. Following the Vlad Cristescu plan of implementing cybersecurity and email validation, you just may save your company. 

In this interview, you’ll learn:

• Why email validation is about more than just avoiding bounces
• The potential role cybersecurity has in your sender reputation
• The perils of reusing your password across platforms
• Why proactive cybersecurity isn’t the future, it’s the present
• One thing you can do today to keep your accounts secure

For the full experience, watch the video interview of ZeroBounce’s Vlad Cristescu on YouTube.

“Keeping that data secure is what I do.”

For people out there who may not know, what is ZeroBounce all about and what part do you play in the company’s mission?

Hopefully, by now a lot more people know about us, but for the ones that don’t, ZeroBounce is all about email deliverability. We aim to help businesses reach customer inboxes and ensure that they have a healthy sender reputation. And when we do this through a flurry of tools, email validation and email scoring is our bread and butter. 

Although I think the email warm-up tool is also catching up! So we’ve got a number of services all around deliverability, with our bread and butter being email validation. 

As for my role, we deal with a lot of sensitive data on behalf of our customers. Keeping that data secure is what I do. As the head of cybersecurity, I’m responsible for everything from infrastructure and data security, compliance, risk management, threat intelligence, monitoring in general, and customer trust. 

That’s another big one. I do integrate and work with customers on a day to day basis to make sure that they have faith in us. And also just overall management of our security posture, and I’m sure the list can go on forever, but that’s really what I do.

“Phishing emails trick you into giving away your information.”

When it comes to personal email, what are some of the common vulnerabilities that people should be aware of?

Phishing emails are the starting point. You want to ensure that you’re aware of any fake messages that’re literally tricking you into giving away your information or granting access to your laptop or the device you’re connecting from. So I would definitely start with that. 

Weak passwords and reused passwords are probably another element that comes to mind as high-risk elements. We’re seeing more breaches happening. If you reuse your passwords across multiple accounts and one of those platforms gets hacked, they’ll try to use that password across other platforms until they find a place where it matches. 

We’ve got password managers, we’ve got all sorts of tools available to us today to avoid that situation. So, strong, unique passwords with every portal that you use is a big one. Not using two-factor authentication for email accounts and any other platform is another one. 

“Not using two-factor authentication is no longer an option.”

Today you can’t not use email. You can’t not use two-factor authentication. You just have to have it everywhere. Not using two-factor authentication is no longer an option. Hijacking your inbox can be done easily by brute force without 2FA. So you need to have it. 

Another big one, I would say, is making sure that the attachments that you get are not malicious. So, make sure that when you receive an email with attachments, you know where it’s coming from, you are expecting it, and you’re expecting that file in that particular format. Also, make sure you have an antivirus solution on hand to scan those files.

Related: How Gen Z uses email at work and beyond.

“Email validation protects your brand.”

Does email validation also play a role in cybersecurity?

Absolutely. 

If you think about it, email validation is not just a marketing and hygiene tool, right? Email validation can extend beyond deliverability. It can become a defensive cybersecurity practice. 

When you’re sending out emails, you’re exposing yourself. You’re exposing yourself to other identities. You’re exposing yourself to bots, to services that do email-based reconnaissance.

So make sure that you’re only sending emails to the people you want to be sending emails to and avoid being blacklisted. Avoid having your inbox being marked as spam. All of those things can protect you as well. 

If you make it onto a blacklist, you won’t be able to send out emails anymore. Your business could suffer from no emails being sent out. If you make it onto some sort of hacker list, then you’ve made your presence known to them, and now you’ve become a target for specific hacker groups. 

Email validation can prevent attacks, mitigate fraud, protect your brand, and maintain hygiene.

“You have to embed cybersecurity in everything you do.”

You’ve been with ZeroBounce for quite some time now – and even longer in the cybersecurity world. How has your perspective or approach to cybersecurity changed through the years?

The biggest change for me has been a bit of a shift from being reactive to being proactive. So instead of only responding to incidents, I now prioritize threat anticipation, having a zero trust architecture in place, and building systems that assume compromise but limit, let’s call it, ‘the blast radius’. That’s been a major change for me. 

I’ve also learned to prioritize business impact. Understanding where security is best suited and doesn’t get in the way of the business. You must align security measures with the requirements of the business as well. 

Obviously, collaboration is key amongst departments. You don’t want cybersecurity to stop you from doing what you want to do. I don’t think it’s a silo discipline anymore. 

You have to embed cybersecurity in everything you do. It’s tied to legal, it’s tied to compliance, privacy, engineering, coding – it’s everywhere! So you want to make sure that you’re not in the way of those departments as they move through the business. 

My overall approach has shifted from reacting to putting in place measures to mitigate potential risks.

Is there a part of you that ever feels a little bit like a detective?

All the time, that’s part of my role.

“Email is your lifeblood.”

From a company’s perspective, what are the real risks with email?

When it comes to risks, they’re not that different from an individual. Obviously, brand reputation is probably the biggest one. In general, email is the most common method of communication outside of a company at the moment. It is the lifeblood of getting in contact with your customers. 

Having measures in place to protect it is vital. It can be anything from having domain protections like DMARC, DKIM, SPF, through the set of tools that are available to everyone now. These are fundamental protocols that prevent spoofing and impersonation. Having a very strict DMARC policy, which we also monitor, and we actually have a few services that help with that as well. This is crucial to prevent fraudulent use of your own domain. 

Using email gateways is an older technology, but I still believe it remains relevant. They’re advanced tools designed to prevent phishing, to look at the links that you come through an email, and analyze any potential malware. 

They are cloud native nowadays, so they shouldn’t really be a problem. They’re built into Google Workspace and Office 365. Security gateways for email are really important. 

“People should also encrypt their emails.”

Obviously, in line with what I said before, having multi-factor authentication across the board is important. That’s another way of making sure that people don’t gain access to your inboxes. 

Training is important, too – including phishing tests. Regularly undergoing security awareness training related to specific emails. Monitoring is another key element here, to ensure you’re aware of the types of emails you’re receiving and identifying any anomalies, that’s a key point. 

People should also encrypt their emails. A lot of emails nowadays are still not encrypted and I think having tools in place that automatically encrypt emails that have sensitive content is probably another big step that companies should take. 

And when everything else fails, have a well-crafted incident response plan. So, just make sure you’re prepared for the things that could go wrong when it comes to issues that may arise through the email channel.

“AI is being used to manipulate public opinion.”

What is the thing that people aren’t talking about when it comes to cybersecurity?

There’s one thing I’m always worried about, and people do talk about it somewhat, but not necessarily from this perspective. We hear about AI left and right, but what is still underdiscussed is the idea of manipulation through deep fakes, synthetic content, and AI-driven social engineering. 

We’re seeing all the benefits that AI brings to our lives, but we’re not discussing the smaller threats that are coming from the AI space. And this way of manipulating truth through AI is definitely something that we’re going to be seeing quite a bit of. 

It’s important to raise awareness. I’m seeing all the people being scammed by AI impersonating their children or their children being scammed. During elections, we see in the media that AI is being used to manipulate public opinion. So we need to have a deeper conversation about how AI is being used to manipulate us.

If you were passing by in a boat and somebody yelled up at you, “what is one tip for cybersecurity that I can do right now?” What would you shout back?

Just go and change your password! 

Everyone’s password is at least a year old. Just take a day where you say, “I’m going to change my password and have unique passwords everywhere.” And if you do that once every three months, it’s going to save you a lot of heartache.

“You’d be surprised how disconnected we are.”

What is one simple thing anyone can do today to make today better?

We live in a world where communication is so easy, but it’s all done through technology. And what we should really do is go back to being a bit more personal. Reach out to someone we haven’t talked to in a while, just to check in. It could be a colleague, a friend, or even a former mentor. 

Just have that face-to-face conversation or even a telephone conversation. That’s still using technology, but it’s different from WhatsApp, Facebook, or Instagram. And just say to them, “I’m thinking about you, how are you doing?” 

In this hyper-connected world, you’d be surprised how disconnected we are. Just having a touch-base with someone you haven’t spoken to in a while, would be amazing to improve your day.