Roberto Popolizio
Updated on: June 4, 2025
From free VPNs to popular messaging platforms, some of the most popular tools and habits you trust might actually be putting your data at risk. In this interview series by Safety Detectives, I invite cybersecurity experts to reveal the most dangerous mistakes millions of people still make, and their top tips to avoid them.
My guest today is David Idris, CEO of Glemad, a team of 100+ experts recognised by prestigious entities like Corporate Vision, the Financial Times, Africa Prestige Award, and MEA Market as one of “Africa’s Fastest-Growing Companies 2022” and a recipient of the Global Business Award 2023.
Are there any cybersecurity habits or apps that most people still consider safe but should avoid at all costs, and why?
One of the biggest misconceptions is that free VPNs enhance your privacy. In reality, many free VPN services log user activity and sell that data to third parties, negating the very privacy they claim to offer. Another high-risk habit is using SMS-based two-factor authentication (2FA) instead of more secure methods like authenticator apps or hardware security keys. SIM swapping attacks make SMS 2FA vulnerable, yet many people still rely on it.
Another overlooked risk is using popular messaging platforms that don’t offer end-to-end encryption by default. If your data isn’t encrypted at all times, both in transit and at rest, you’re leaving yourself open to breaches.
Can you share an example of how these mistakes caused significant damage, and what could have prevented it?
A recent high-profile example was the breach of a major telecom provider where hackers performed SIM swap attacks to bypass SMS 2FA and take over victims’ accounts. This led to financial theft, identity fraud, and even extortion cases.
Another case involved a free VPN service that was caught storing logs of user activity despite promising a “no-log” policy. Hackers accessed these logs and exposed sensitive browsing history, proving that these services were never secure to begin with.
Both incidents could have been prevented with two simple precautions:
- Using strong authentication methods like FIDO2 security keys
- Trusting only reputable, paid VPN services that have been independently audited
Why do people keep falling for these mistakes, and how can they spot the red flags?
Convenience is the main culprit. People prefer simple solutions without fully understanding the risks. Free VPNs, for example, sound appealing because they eliminate costs, but the real price is paid in lost privacy.
To avoid falling for these mistakes, look for red flags like:
- Lack of transparency: If a service doesn’t clearly state how it protects user data or lacks an independent security audit, it’s a major warning sign.
- Too-good-to-be-true claims: Free, unlimited security tools often come with hidden costs like data mining.
- Weak security defaults: Services that don’t enforce end-to-end encryption or offer weak password recovery options are a bad choice.
Cybersecurity is no longer optional—it’s a necessity. By adopting proactive security measures today, individuals and businesses can prevent costly breaches and ensure their data remains secure in the years ahead.
On the flip side, do you have any lesser-known or counterintuitive tips that everyone can implement today? How do they help where traditional solutions fail?
Yes! Here are three counterintuitive but effective security tips:
- Use multiple email addresses for different purposes. Many people use one email for everything, making it a single point of failure. Instead, use different emails for banking, work, and social media to compartmentalize risks.
- Regularly search for your email on breach databases like Have I Been Pwned. If your email has been compromised, change your passwords and enable 2FA immediately.
- Enable app-based authentication over SMS 2FA. Google Authenticator or Authy are far more secure and eliminate the risk of SIM swapping.
If someone wants to strengthen their online security and privacy, what are five steps they should take today?
- Upgrade your authentication methods – Use hardware security keys or app-based 2FA instead of SMS-based authentication.
- Use a password manager – Create and store unique, complex passwords for each account instead of reusing them.
- Audit app permissions regularly – Many apps collect unnecessary data. Revoke access to apps that don’t need certain permissions.
- Keep all software and firmware updated – Outdated software is a common entry point for attackers.
- Secure your home network – Change default router credentials, disable WPS, and use WPA3 encryption.
Looking ahead, what opportunities and challenges should people and organizations prepare to face in 2025? What should they start doing today to get ready?
The biggest challenge in 2025 will be the increasing sophistication of AI-driven cyberattacks. Attackers are using AI to automate phishing attacks and bypass traditional security measures. Organizations must invest in AI-powered security solutions that detect anomalies and block threats in real time.
On the opportunity side, decentralized identity solutions and passwordless authentication methods will become more mainstream. Businesses should begin adopting passkeys and blockchain-based identity verification to stay ahead of the curve.
How can our readers connect with you?
LinkedIn: linkedin.com/in/davididris
Visit glemad.com for insights on cybersecurity and IT solutions. We also share regular updates and case studies on our blog and YouTube channel.