Audiovisual equipment has come a long way since the days of projectors, speaker phones, and peripheral cameras. Today, audiovisual equipment is built into laptops, camera systems are network-enabled and powerful enough to connect you with teams around the world, and many devices come with remote management capabilities built in by default.
Although these features help to make your team more productive, collaborative, and efficient—especially in today’s remote operating environment—they can also introduce new security vulnerabilities and challenges for your security team. So how can your team ensure that it is doing enough not only to secure your audiovisual network to enable your business today, but also in the months and years ahead?
Here are five key strategies that you should consider.
1. Practice strong password management.
A lot of audiovisual equipment, much like other new network devices for homes and businesses, come with default passwords and usernames to ease the installation process. However, one of the first configuration steps you should take is to change the default password from the original manufacturer’s settings. This will prevent unauthorized access or even back-end access to different parts of your network. It is best practice to document the passwords that are set on all AV devices, as a lost password leads to factory resets and reconfiguring. Some passwords can be changed at any time, while other devices require the help of a Field Engineer. Good management dictates that you should always be prepared to change a password back if a break is noticed in the control system and backup configurations of all AV devices should be stored when possible.
Just like with any network device, you should practice good password hygiene, including the following precautions:
- Not reusing passwords from other services or administrative users
- Logging and regularly changing passwords to each interface
2. Disable unused services, ports, and functions.
Depending on the manufacturer, audiovisual equipment can also come with services, ports, features, and settings that your business does not need, such as FTP, DNS, ICMP, HTTP, or HTTPS. If they are not in use, make sure that these ports are disabled. Or if some of the features are enabled, when possible, increase the security settings to more secure levels, such as 802.1x or WPA2. Your Field Install Team and Engineers should have a list of ports that need to be opened for system control and functionality.
3. Isolate devices on your network.
Although it is used to facilitate collaboration, audiovisual equipment can be an initial access vector or pivot point for cybercriminals. This is why it is important to separate your audiovisual devices onto their own virtual local area network (VLAN) to help reduce the chances that a breach of one audiovisual device could reach into other parts of your network. Most AV control processors also have the ability to place networked AV devices on an internal AV VLAN. This will give the AV equipment one point of connection on the network while keeping all other devices separate. You can take this one step further by monitoring traffic flows and enforcing aggressive outbound filtering from devices that are not supposed to be reaching outside of your network.
4. Proactively update and patch.
As with other operating systems and network devices, staying on top of firmware upgrades for audiovisual devices is critical, even if those updates and patches release less frequently than they do for your computer equipment and servers. Also, when a new patch is released, ensure that your firmware updates come from trusted, encrypted sources to prevent introducing malware into your network. Occasionally, updating the firmware or software on a device that is connected through an AV control system can break the control functionality. As with passwords, be prepared to roll back updates if you notice a loss of functionality after an update.
5. Regularly audit and test your security.
Either through automated tools or manual reviews, make sure to capture event logs to hunt for unusual activity. At the same time, inventory and audit your devices to see which are actually connected to the network and who they belong to. As organizational needs change or as personnel turn over, you should update your inventory to track which devices are actually in use, what purpose they serve, and who is responsible for maintaining them.
Finally, when conducting network vulnerability scans or other security tests, include audiovisual devices to double-check that the preventative measures and maintenance are occurring.
Secure your network against tomorrow’s cyberthreats.
As our workforce increasingly requires new ways to stay connected—to each other and our customers—audiovisual equipment is playing a very important role in meeting that need. That’s why it is necessary to take precautions not only to keep devices performing optimally, but also to keep your brand safe from potential cyberthreats.
If your organization is looking to fast-track your efforts or to put a new program in place to secure your audiovisual equipment, the team at VectorUSA has more information about enhancing and securing every part of your technology ecosystem.
We would welcome the chance to meet with you.