What is IoT Security, and How Does it Affect Your AV Systems?
Every Smart AV Device Needs Protection from Security Breaches
For many years, organizations of all sizes have understood the necessity of protecting internet-connected computers from viruses and hacks. What hasn’t been as well understood or addressed is IoT security – securing non-computer connected devices from threats. Why is that?
Historically, devices not based on general-purpose computing operating systems like Windows were thought to present, in security parlance, less of an attack surface. These systems might have been proprietary or based on open-source systems like Linux, where the development community could see and shore up potential attack points. The attack surface widened considerably in the Internet of Things (IoT), where all devices become "smart" with Internet connectivity to one or more cloud services. Add the ability of many devices to be accessed and controlled by publicly available APIs, and everything is now a computer – and vulnerable.
What does that mean for AV devices like cameras, microphones, room control systems, and more? These are all now IoT devices, and the intelligence derived from their cloud connectivity makes them as vulnerable to threats as any Windows or Mac laptop. How do you improve IoT security for AV devices in your Phoenix, AZ organization? Keep reading for four general strategies below. But spoiler alert – these are similar to what you do with other connected platforms.
Patch and Update
Computer, tablet, and smartphone operating systems are continually receiving patches for security holes and bugs discovered after the software's release. AV IoT devices need the same continual updating. The problem is that the infrastructure for updating these devices isn't as well developed as the internet-based updates for Windows, Android, Mac, and IOS. You need to have the right solutions, even if they aren't "over the air" updates. AV devices should be monitored and queried for software versions, and your AV team should ensure everything is up to date.
No Default Passwords
You might be surprised to learn – or not – that default administrator login credentials still represent a significant vehicle for hacks over the internet. It’s affected everything from EHR (Electronic Health Record) systems in medical offices and hospitals to security cameras. Last year, security systems from smart security company Verkada were hacked, exposing video footage from hospitals to a Tesla factory in China. The culprit wasn’t a sophisticated hack of an API or encryption, but merely an obscure internal default login that presented the hackers an easy back door into the Verkada system. For AV equipment, whether that default login is for the administrative system or potentially one that exists in an underlying OS like Linux or an embedded system, those need to be monitored and updated.
Segment Your Network
Another known security technique from the computing world is segmented networks. Don’t allow your AV devices unfettered access to every other part of your network, as you increase the possibility that a compromised device or cloud service can compromise other devices. Similarly, don’t allow every device access to the internet if it’s not necessary. Often AV systems need whitelisting on a network or configurations that open ports to operate specific communication protocols. Every opening is a risk, and segmentation reduces those risks.
Secure Physical Locations
Many organizations have specifically configured desktop systems to disable access to USB ports to prevent data copying or loading of external software. Generally, that's not possible with many AV devices or control systems, and all the software updates in the world can't prevent a physical hack where someone might inject harmful content or software that, at best, might be embarrassing, and at worst, a significant breach that could present huge financial liabilities. You may need to protect sensitive equipment with physical access control security, limit the potential damage to your system via network segmentation, or use several of these measures to decrease the risk.
Want to learn more about IoT security best practices and solutions for your AV infrastructure? Get started by reaching out to Level 3 Audiovisual here or click the chatbox below to connect instantly. We look forward to working with you.