Why You Should Focus on AV Security
The AV industry still has some catching up to do regarding security. The recent AMX story demonstrates that. But as we’ve said before, network security is a growing concern for every industry, not just AV.
In some ways, our industry is newer to the game. Traditional AV practices didn’t always align well with evolving enterprise-level security needs. But the prognosis for AV security is bright. Our industry has rapidly adapted to increased enterprise-level connectivity. Security innovation is now a major priority, driven by the AV/IT convergence in the recent decade.
This convergence has happened for a few reasons:
- The ubiquity of video communications
- The increase in portable connected devices
- The advent of cloud-based AV solutions
- The rising focus on energy efficiency
Historically, AV and IT had contrasting goals, scope, and quality drivers. Although it existed long before IT, AV has taken longer to develop its presence as an enterprise service. But that development has accelerated in the last decade or so. AV is shifting its focus and catching up fast.
As AV and IT join forces, both industries grow in the process. And yet, as is typical with major industry-wide transitions, inevitable problems arise. Security is one such problem for networked AV.
Because of the nature of AV networks, AV devices are particularly vulnerable to security threats. This is in part because they pose a smaller barrier of entry to hackers. Some devices—such as networked controllers, touch panels, and displays—may be as vulnerable to attack as common portable devices like laptops, cell phones, or tablets.
For that reason, it’s critical to secure AV devices, both physically and at the network level. AV networks should be treated like any other mission-critical network with access to valuable data.
As always, security is a moving target. There’s no one catch-all solution. But there are some key steps to mitigate risk.
We want to help keep your AV networks as secure as possible. That’s why we’ve put together this checklist. Together, we can give would-be AV hackers a run for their money.
1. Don’t skimp on your AV budget.
If your company doesn’t budget for AV security, then your AV network may put the larger network at risk. The return on investment of a sound AV budget is in preventing attackers who might access confidential data through AV devices or even use your AV network as a stepping stone in a larger attack. Your data—and your company’s reputation—are dependent upon secure audio visual networks.
2. Don’t forget physical security.
Physically insecure AV devices are extremely vulnerable. Security at the network level is only effective if no one can access it otherwise. At times, a simple lock and key can be more effective than the most sophisticated level of encryption. You should never store AV controllers, smart displays, or videoconferencing equipment where they might be tampered with.
3. Keep your operating systems updated.
One of the simplest keys to AV security is keeping the OS up-to-date. Regular patches and updates are the foundation of network security. Most of these can be automated—it’s a no brainer! Run an up-to-date OS on every device that accesses the AV network, including devices owned by employees.
4. Secure your cloud-based connections.
Cloud technology has dramatically altered the AV industry. But it isn’t always the best option from a security point of view. Cloud videoconferencing, for example, may be right for some companies and too risky for others. AV integrators, like Synergy CT, help clients define risk tolerance and propose appropriate solutions on a case-by-case basis.
If your company does end up going with cloud-based AV solutions, be sure to encrypt your connections. It may not provide total certainty, but it does help mitigate risk. Sending valuable company data openly over the cloud is never a good idea.
5. Change your passwords often (and NEVER use defaults)
Security experts in the IT world shudder at the data behind password choices. Far too many end-users reuse passwords, revert to defaults, or write down and leave their passwords in plain sight. It’s a security nightmare.
This is a huge problem for AV too. If you’re using one of these common passwords for your AV devices, you’re asking for trouble. It’s crucial that you choose a secure password made up of:
- One or more uppercase letters
- One or more lowercase letters
- At least one number
- At least one symbol (!, @, $, etc.)
The graphic shown above is from the popular web comic, XKCD. In it, Randall Munroe demonstrates the often unintuitive way that password strength is calculated. In general, password length is the most important factor. You should choose a password that is at least twelve characters long. Don’t write it down and don’t reuse it. In fact, password reuse is even scarier than password choice. And of course, change any default passwords on AV devices soon as possible.
Side-note: You might consider using password management software for your personal devices. This will at least help increase security in a BYOD environment. There are even enterprise-level password management solutions on the market as well.
6. Avoid the major hazards of BYOD
Smart-phones, laptops, and tablets are modern luxuries, especially for those with flexible workplaces. But BYOD has its risks. To keep BYOD connections secure, always:
- Change any default system and home Wi-Fi passwords
- Turn off Bluetooth and Wi-Fi when not in use
- Use a reputable (not free) antivirus software, and keep it current
- Avoid accessing public Wi-Fi points from BYOD devices
In some cases, the risk of BYOD is too great. On the other hand, if you include a security procedure within your company’s BYOD policy, the value of BYOD may outweigh the risk. Work with your AV integrator and IT personnel to decide what’s best in your particular case.
7. Make your high-value data assets first priority.
For AV systems that touch mission-critical networks, security shouldn’t be an afterthought. From design to installation, those AV systems should be configured with the “worst-case” scenario in mind. That way, you can focus on prevention from the outset.
By creating a security hierarchy, you can reduce risk while balancing security and access in a cost-effective way. Prioritize security over access for your most valuable assets. In other areas, security may be less of an issue. It’s up to you, working with an expert in secure AV integration, to make those decisions.
8. Remember: In the end, you are in control of managing risk.
AV manufacturers are certainly responsible for any vulnerabilities that arise in networked devices. But AV integrators and their clients are responsible for managing risk. There is no zero-risk scenario. Together, integrators and end-users must define risk tolerance and prioritize security measures accordingly.
Limiting potential attack points is an ongoing process that can’t be shipped in a box. A diligent investment of time and resources is the most effective AV network security strategy.
The AV/IT Overlap
The trend towards seamless and reliable AV/IT integration has resulted in a paradigm shift for the AV industry. Today, AV network security is a collaborative effort. AV integrators and their clients—from upper management to IT—must work together to maintain security.
This checklist provides a general security barometer. AV systems should be evaluated on a case-by-case basis, and this checklist is far from the last word on the AV network security. It’s simply a starting place to help you analyze your networked AV systems further.
Don’t wait to talk to your AV integrator about security. If you go into an AV build with this checklist in mind, you’ll reduce cost and increase security in the long term.
We encourage you to reach out to us if you have any questions. If you want expert guidance in securing your AV network, contact us to schedule a security review today.
And as always, thanks for reading!
Ready to kick your security up a notch?
|Our free guide will help you develop a solid network security strategy so that your organization can protect your mission-critical data from cyber attack.|