September 6, 2019
Cybersecurity: Best Practices in Video Surveillance
It should come as no surprise that video surveillance is one of the most widely used technologies in the security industry, but did you know that IT departments now put these devices under increased scrutiny due to recent hacks?
Business owners see video surveillance systems as not only a detection and apprehension tool, but also a way to gain valuable insight into employee, customer and operational activities.
But in a vastly networked Internet of Things (IoT) world dependent on interconnectivity, video security systems – along with many other connected devices – have become a source of risk for businesses. This is especially true for those that have transitioned from analog to IP video cameras, which are controlled via (and transmit data over) the network.
With cyber threats constantly evolving, it’s critical that you take measures to protect your video surveillance system.
This blog will help you learn fundamental best practices for maintaining cybersecurity and what to consider when addressing cybersecurity threats to your business’ video data.
1. IoT monitoring and governance: Know what’s on your network.
The first step to securing your network is knowing exactly what devices are on it and how they’re operating – but this is often easier said than done.
Maybe you’ve stepped into a new role and inherited your organization’s security program. Or perhaps through acquisitions or mergers, you find yourself acquiring hundreds or even thousands of new video surveillance devices with little or no documentation.
Adding to those challenges is that in the past, cameras, locks and other network-enabled devices may have been deployed across the business without IT collaboration. Now, you may find rogue devices in operation – with no easy way of knowing their purpose or security levels.
One solution that makes tracking and monitoring your IoT devices much easier is an IoT governance platform. An IoT governance platform gives you visibility into all the devices on your network in a single dashboard. And while there are many IT-native software packages that do just this, rarely do any of them integrate with physical security equipment specifically.
This technology automatically detects and verifies core physical security components like video surveillance cameras and access control panels, as well as other IP-based devices, such as uninterruptible power supplies, turnstiles and more.
2. Conduct regular vulnerability tests for all IP video cameras and review your networked security system frequently.
Test all associated protocols, hardware and firmware to ensure each video surveillance component has been thoroughly evaluated and can readily mitigate or prevent an attempted cyber attack.
Protocol testing examines the security of communications to and from the device on the network, including the strength of encrypted transmissions – and whether these communications can be intercepted for unauthorized capture or modification.
Hardware testing focuses on evaluating the physical aspects as well as the software and connectivity of the IP video surveillance devices – making sure that all elements remain as tamper-proof as possible.
Finally, a firmware analysis reviews the system for any buffer overflows, injection flaws, backdoor accounts or other vulnerabilities – and should include the installation of any device firmware upgrades available to respond to new or forecasted risks.
New technology today can automate this process, making it much easier to identify and resolve cybersecurity vulnerabilities across your security network. Service assurance technology automates firmware updates, conducts device password checks and tracks your inventory. It also detects and diagnoses security system performance problems and cybersecurity vulnerabilities – and helps you resolve them.
3. Limit the number of privileged users and minimize physical access to equipment.
Apply the principle of least privilege when considering those users in your business who will be granted high-level access to IP video surveillance settings and data.
The rule of thumb is simple: No matter how trusted an employee might be or how significant an asset to the organization, the more people who are exposed to the system’s components or data, the more likely a system is left open to cyber attacks and vulnerabilities.
Turn to the expertise of your security integrator for guidance on implementing a comprehensive vetting and selection process for privileged system users.
Also, deploy diligent auditing processes to track these users’ movements within devices, appliances and servers across the system, and develop strict policies that will immediately disable privileged accounts in the event that suspected attacks or compromises are detected.
Beyond these actions, keep all physical video equipment under lock and key. Deploy equipment strategically within restricted areas with similar limited access standards, so that system components don’t fall victim to interference by the public or otherwise unauthorized individuals.
4. Don’t use default passwords or ports.
Many complex hacker applications are designed to guess most simple passwords with ease.
Video manufacturers have made this even easier over the years by publishing their default usernames and passwords. Furthering the risk, there was a period of time when many dealers and integrators didn’t require a strong password format.
Practice a culture of strong password requirements from the onset of system deployment. While not every password is guaranteed to be completely hacker-proof, the more intricate and randomized, the less likely malicious individuals will be able to infiltrate or gain control over the system.
Similarly, confirm that your integrator has made a habit of configuring IP video and network-based cameras on ports that differ from the ones programmed in manufacturer factory settings, where possible.
Ports – the logical infrastructure pathways by which video data and other information are transmitted – offer targeted gateways for hackers looking to gain access. Often, hackers can easily locate information regarding the default ports of system manufacturers and from there, begin to test for vulnerabilities on recorders, cameras and other IP-based devices.
Coupled with artful firewall best practices, selecting uncommon ports from the thousands defined makes video security cameras and system architecture more difficult for hackers to identify and attack.
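To make the checks from steps 1 and 4 concrete, here is an added example (not part of the original blog and not any vendor's tooling) that audits a device inventory export for undocumented devices, factory-default credentials, weak passwords and factory-default ports. The vendor names, default credentials, CSV layout and the 80-bit threshold are all constructed assumptions.

```python
import csv, io, math, string

# Constructed factory defaults for two hypothetical vendors (not real products).
FACTORY = {
    "VendorA": {"creds": {("admin", "admin"), ("admin", "12345")},
                "ports": {"http": 80, "rtsp": 554}},
    "VendorB": {"creds": {("root", "pass")},
                "ports": {"http": 8000, "rtsp": 554}},
}

# Constructed inventory export, one row per device. A real audit would read
# credentials from a vault or the devices themselves, not a plaintext file.
INVENTORY_CSV = """ip,vendor,username,password,http,rtsp,documented
10.20.0.11,VendorA,admin,admin,80,554,yes
10.20.0.12,VendorA,ops-cam,T7#qLz!92mWx$kPd,8443,10554,yes
10.20.0.13,VendorB,root,Summer2019,8000,7554,yes
10.20.0.14,VendorB,root,pass,8000,554,no
"""

def entropy_bits(password):
    """Rough upper bound on guessing cost: length * log2(character pool size)."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    pool = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(csv_text, min_bits=80):
    """Return {ip: [issues]} for every device with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        defaults = FACTORY.get(row["vendor"], {"creds": set(), "ports": {}})
        if row["documented"] != "yes":           # step 1: rogue or unknown device
            issues.append("undocumented-device")
        if (row["username"], row["password"]) in defaults["creds"]:
            issues.append("factory-default-credentials")
        elif entropy_bits(row["password"]) < min_bits:
            issues.append("weak-password")
        for svc, port in defaults["ports"].items():  # step 4: default ports
            if int(row[svc]) == port:
                issues.append(f"default-port:{svc}/{port}")
        if issues:
            findings[row["ip"]] = issues
    return findings

if __name__ == "__main__":
    for ip, issues in audit(INVENTORY_CSV).items():
        print(ip, ", ".join(issues))
```

The pool-size estimate is generous to human-chosen passwords such as `Summer2019`, so treat a pass as necessary rather than sufficient.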
5. Maintain an open dialogue with your security providers.
In the constant battle against cyber attacks, collaboration among every level and division of your business and your security partners is key.
Rely on the expertise of your integrators and service providers to stay current on new threats, mitigation tactics and emerging technologies. Make sure you’re receiving the most expert, adaptable and informed security services and technologies available.
With new threats surfacing every minute, a widespread alliance bolsters your business’ data protection by deepening a far-reaching trust in your security partner.
Don’t sit back and hope this never happens to you, because it is only a matter of time before a vulnerability exposes itself that could impact your business in some way.
Follow the best practices outlined in this blog to ensure you’re taking action to protect your video surveillance system from cyber threats – and helping your business to thrive in the new security climate.
Request a quote for STANLEY IntelAssure™, Powered by Viakoo, which automates firmware updates, detects and diagnoses security system performance problems and cybersecurity vulnerabilities and helps you track and monitor your IoT devices.