I had the privilege of interviewing Dr. Curtis Levinson, Chief Information Security Officer of MetTel, Inc., a telecommunications company. He has over 30 years of experience in cybersecurity and information privacy with several organizations. He’s also the United States Cyber Defense Advisor to NATO.
Below you’ll find video and audio recordings of the interview, and Levinson’s answers to my questions about improving your home network security, and the security and privacy of your personal devices.
Video Interview with Dr. Curtis Levinson
Questions and Answers About Securing Home Networks and Personal Devices
1. What piqued your interest in cybersecurity in the first place?
When Levinson started in technology in the mid-1970s, there was no such thing as cybersecurity. He started out punching cards for an IBM mainframe.
He was the military aide to Rear Admiral Grace Hopper, who was instrumental in the creation of the COBOL programming language and the Harvard Mark III computer. Levinson’s time with Hopper led to an interest in securing computer systems. His time with the military led him into cryptography and securing telecommunications and data communications.
2. What are the biggest challenges or threats consumers face related to home network security? What steps should people take to secure their routers?
The single biggest challenge is we really trust our ISPs, which is a mistake.
Many Americans get an all-in-one modem and wireless router from their ISP (Internet Service Provider, such as Comcast, Spectrum, or AT&T). Experts postulate that 90% of ISP-provided modems or all-in-one devices are infected with malware, says Levinson. He says that if those devices have firewalls, they’re not very effective. Also, you don’t control that firewall; the ISP does.
Buy a hardware firewall and put it between the modem and a wireless router you purchase, recommends Levinson. Disable the Wi-Fi in the ISP-provided box, he advises. Connect the modem to the hardware firewall, then connect the firewall to your router.
Levinson doesn’t recommend a particular hardware firewall, but he advises buying a recognized brand name such as Netgear.
Disable the broadcasting of the SSID (network name), or change the network name to something that doesn’t identify you, Levinson recommends. He advises doing the same for the Wi-Fi hotspot on your phone.
Use WPA2 with a 12-15 character password, using uppercase and lowercase letters, numbers, and special characters, advises Levinson. Note: devices that support WPA3, the successor to WPA2, are now available.
Don’t use personal details (address, pet’s name, child’s name, etc.) in passwords, Levinson warns, because people can find those details online.
I recommend using a password manager such as LastPass to generate and store strong passwords.
3. What steps should people take to secure their Windows PCs?
4. What steps should people take to secure their Macs?
There is a terrible myth … that says Macs are virus-proof. They are not.
Follow security precautions, advises Levinson.
He also recommends that you encrypt the disk of your Mac.
5. What steps should people take to secure their Internet of Things (IoT) devices?
Homes have been hacked through their smart (Internet-connected) fish tanks, recounts Levinson.
One of the most vulnerable is the video doorbell.
Video doorbells are notoriously insecure, Levinson points out. He tells how employees of video doorbell companies have had access to video footage.
Levinson shares the story of a massive robbery in a wealthy neighborhood. He says that hackers cracked the PIN on the garage door, then entered the house through the unlocked door from the garage to the house.
Have a professional install a hardware firewall to secure your IoT devices, Levinson urges.
Network segmentation is another way to secure IoT devices, notes Levinson. Put your IoT devices on a separate network from your main devices. Many routers have a guest network that could be used for this.
6. What steps should people take to secure their phones and tablets?
If the device offers full-disk encryption, use it.
7. What should people do to protect their privacy?
If I were to ask a room of 500 people, ‘Who here values your privacy?’ all hands are going to go up. And then I ask, ‘How many of you freely give your privacy away?’ then the room gets nervous. Because when you get an app for your smartphone, how many actually read the fine print? … A lot of apps are free for mobile devices. Why would they be free? What does the author get out of it? Well, what they get is all your data.
There are software firewalls for mobile devices. Levinson’s phone came with an NFL app. He found that it had full access to the contacts stored on his phone. He used his software firewall to disallow that access.
Many flashlight apps request permissions to data such as contacts and photos, even though all they need to do is turn on the light, warns Levinson.
People who aren’t your friends on Facebook can still see what you post, if those posts are public, Levinson points out.
I absolutely recommend that every social media user … read the fine print on the contract. Find out what the security settings are … turn them on, and turn them higher.
Levinson cautions against taking nude photos with a mobile device, because they can end up online.
8. What steps should people take to secure their smart speakers?
They can’t be secured. I would not take one if they gave it to me for free, and paid me $1,000 a month.
Levinson tells of someone who requested their data from Amazon, and saw everything he had asked Alexa to do.
Those devices are really ‘buyer beware.’
If you read the fine print that comes with these devices, once your information, data, anything enters the device, it becomes the property of the device provider.
A very enlightening web search is … ‘What does Google know about me?’ and the results can be frightening.
Everyone wants privacy. But everyone also wants convenience.
A salesperson described a “frictionless sales environment” to Levinson. He described a scenario in which your device knows you like a particular brand of running shoe in size 10.5, so your device receives an ad for a sale on that shoe at a nearby store.
Levinson points out the need to watch for the small, often pre-checked box on e-commerce websites that says “Check this if you want to receive offers from us and our partners.”
9. How do you recommend people stay informed of cybersecurity or privacy issues?
Levinson says the resources he follows are fairly technical, such as SC Magazine. He recommends paying attention to the news and media.
He encourages you to put effort into learning about security and privacy issues. For example, search “how to protect video doorbell.”
My best advice has always been, be very aware of what technology you’re using, how it’s connected, how it’s secured, and please do read the fine print before you agree to anything. Because when you agree, you sign a contract.
Awareness is key … Find out what all the options are for security settings on whatever device.
10. Any other advice?
One very low-tech idea, and that is, everyone should own a paper shredder. … You want a cross-cut shredder. When you get bills in the mail, if you don’t file them and don’t need them, shred them. … Dumpster-diving is an Olympic sport for an awful lot of people.
What You Should Do
- If you have a wireless router from your ISP that you’re not able to configure, consider buying your own wireless router that you can configure to be more secure. Brands to consider: Netgear, Linksys, and Belkin.
- On your router and any Wi-Fi hotspots, disable the broadcasting of the SSID (network name), or change the network name to something that doesn’t identify you.
- Secure your Wi-Fi with WPA2 or WPA3, with a strong password.
- Encrypt mobile devices and computers.
- Pay attention to the permissions apps request.
- Don’t overshare on social media.
- Configure security and privacy settings on social media.
- Before buying a smart speaker, research its privacy issues.