VCA Cybersecurity Part 2
It may be an old country love song made famous by Willie Nelson, but “Always on My Mind,” could just as easily be a song about cybersecurity for those in IT and AV. With the proliferation of cloud services, video conferencing, and the internet of things (IoT), IT professionals can never rest easy about security. How much sleep has been lost over the unknown number of conference rooms containing video conferencing systems that still use the default logins and passwords? (Read part 1 of our cybersecurity blog here.) And according to a recent AvePoint survey, only 45% of IT pros say they are “very confident” that their organization’s data is secure in their cloud collaboration program. The sources for concern may be growing, but fortunately, cybersecurity is not a lost cause.
WHAT YOU CAN DO
Here are some steps you can take to rest easier.
1. Stay in the know.
Know where your data resides, as well as what is connected where. Video recordings, web meeting recordings, meeting notes, and the like, can contain sensitive information and shouldn’t be stored locally in case a laptop is lost or stolen. They should be stored on the network and categorized based on sensitivity. Shared technology solutions, like those on the cloud, also create vulnerabilities. Make sure you know how your vendor’s system is designed to protect against threats, and make sure you know what vendors are doing with your data, like user login information and user access permissions. You will want to identify potential threats and frequently reassess so you can make informed decisions about what additional security measures you may need to take to prevent a cyberattack.
2. Create a response plan.
Establish a protocol for responding to attempted or successful breaches or attacks. Know in advance how to report incidents internally as well as to authorities. Learn how to control the damage, how to save information about the attack, and how to access and restore backup data. In part 1 of our cybersecurity blog posts, we described an incident involving the hacking of video conferencing equipment belonging to a Canadian political party. In that case, it was the white hat hacker who alerted the party to the breach and the security vulnerabilities. If the hacker had been an individual or organization with nefarious intentions though, there’s no knowing how long it could have gone on undiscovered, how much damage could have been done, or how the organization would have remedied it. With a detection and response plan in place, you can minimize loss and damages.
3. Use basic security tools.
Take standard steps to secure your data and network. Even though you know each tool may not be perfect, continue to use encryption, use appropriate authentication methods (like one-time passwords and two-factor authentication), and change the default password on the video conferencing system. IoT makes it important to implement privacy and security protections at the device level (with precautions like password encryption and single sign-on), as well as at the network level (with precautions like network segmentation).
4. Train your employees.
Employees cause about 30% of data breaches, according to the Online Trust Alliance’s 2016 Data Protection and Breach Readiness Guide. Your people are your biggest asset but also the weakest link when it comes to cybersecurity. However, if they know what to guard against, they can be one line of defense. Educate them on the risks surrounding equipment, passwords, social media, the latest social engineering ploys, and communications and collaboration tools. Make standard security tasks part of their everyday routine, including updating antivirus software and privacy settings, and taking steps as simple as covering cameras when they end a video conference call.
Without training, many employees likely have not considered that video conferencing cameras pose a security risk, says Amy Madden, CTS, ISF, LEED AP and Video Conferencing Product Manager at Draper, Inc. “Make sure the camera—which resides on the network—is situated behind a firewall. Also, make sure the lens cap is on when the camera is not in use, or implement a software solution to protect the camera. The simplest solution is to take the camera out of the room when it isn’t being used. This can be accomplished by a recessed lift and closure that shuts once the camera is inside the housing, cutting it off completely from the room.”
The above list is not exhaustive by any means. Even if we listed every possible cybersecurity measure, it would soon be outdated. Cyberattackers are constantly at work thinking of new tactics. Of course, there are professionals who are devoted solely to keeping up with all the threats. An additional way to stay current is to use managed security services. It’s a good option for many organizations as long as it doesn’t give you a false sense of security. When you have multiple service providers involved in your day-to-day operations, you are open to increased risk, especially when you consider the human error factor.
“What integrators and IT teams are really looking for is a level of confidence that they can deploy a collaboration product on the network without increasing security vulnerabilities,” says Christopher Jaynes, founder and CTO of Mersive, a leading manufacturer of wireless collaboration solutions distributed by BTX Technologies. “Look for a collaboration product that takes enterprise considerations seriously. You’ll know you’re on the right track when you see real enterprise-level encryption, quality-of-service networking support, and centralized monitoring and management.”
The first step to protecting your organization from cyberthreats is to assess your current protections and vulnerabilities.
To learn more about Mersive technology or for a 30-day demo license from PSNI Preferred Vendor Partner, BTX Technologies, contact them here. And for more information on video conferencing privacy, download this white paper from PSNI Preferred Vendor Partner, Draper, “Audio Visual Screens: Is Someone Watching?