With the steady increase in networked devices as part of Internet of Things (IoT), there are now even greater opportunities for would-be hackers to compromise systems.
One particular vulnerability that surrounds the use of video management systems (VMS) and connected devices is complacency. Despite the rising occurrence of data breaches, awareness of the needs of tighter security when installing and using a VMS is yet to catch up. It must be stressed that even the most basic of security errors can ultimately place a system in jeopardy.
Security integrators must keep abreast of the issue by understanding new risks and how to secure a VMS and connected devices.
In fact, video may capture individuals at events or scenes that could establish political involvement, for example. This is a type of data categorized as ‘Sensitive Personal Data’.
Organizations cannot collect data simply on the basis of ‘just in case’. There must be a legitimate reason for collecting and storing VMS data. And it must also be ‘reasonable’ in relation to that purpose.
First, make sure the VMS is SIRA (Security Industry Regulatory Agency) and ADMCC (Abu Dhabi Monitoring & Control Centre) regulations compliant and approved.
Second, systems integrators must ensure privacy by design by applying the correct overall system design, system configuration and physical installation of cameras and other devices.
Last, end users must define and follow procedures and processes as to how video data is stored, handled and shared.
Training needs to reach people across the organization. It must be tailored such that individuals understand some of the unique security risks that come with VMS and the sensitive data that can be collected.
Another aspect is to consider the updates and security accreditations of the VMS itself. The software should also be Secure by Design wherein security is at the heart of a developer’s mindset when they approach a task. If the VMS provider can illustrate that secure implementation is a priority, then VMS cybersecurity is going to be built on robust foundations.
One solution for this is to use a VMS supporting dual networks wherein IoT devices are connected to a completely locked-down network and information generated from these devices is then proxied via the recording server.
Part of this should be the responsibility of the solution manufacturer who must regularly update the VMS to mitigate threats. By keeping a step ahead in terms of VMS cyber security, systems will be made less of a target.
In terms of top tips on this subject, it’s really all about awareness, hardening, training, privacy and regular updates.
- Awareness: Ensure wider awareness of the need for a secure VMS
- Hardening: Tighten up your VMS as part of an ongoing and dynamic process designed to ensure robustness
- Training: Educate users and colleagues on Best Practice in system set-up, installation, and use
- Privacy: Maintain a ‘culture of privacy’ by ensuring that the system is compliant with local data privacy regulations.
- Regular updates: Keep systems up-to-date with the latest drivers, patches, and fixes to stay ahead of the would-be hack