Article

Securing Your Video Surveillance System 

security camera with glass globe
By Dan Cremins

5 minutes

Check in with your vendor, then do these 4 things yourself.

Cybercrime now costs the world an estimated $600 billion, or 0.8 percent of global gross domestic product, according The Economic Impact of Cybercrime report from the Center for Strategic and International Studies and McAfee. That’s up significantly from the previous version, which put global losses at close to $500 billion back in 2014.

Looking at video surveillance devices in particular, they are like any other device attached to a network. If they are not configured and locked down properly, they can be a point of vulnerability for someone to hack into a credit union’s network and access data transferred over that network. It’s not so much that people would tap into the video network to see views from the cameras themselves. That is possible, but the bigger target is typically customer data.

Protecting customer data has always been a priority for credit unions, but never have the stakes been higher. With the cost of a single data breach averaging $3.2 million, and per-record costs averaging $336 in heavily regulated industries like banking, according to the 2017 Cost of Data Breach Study, sponsored by IBM Security and conducted by Ponemon Institute LLC, the financial impact can be considerable. And that’s before factoring in the amount a credit union will likely spend on legal and investigation fees following an attack. 

At the same time, news of a data breach can affect a credit union’s reputation–and profitability–causing customers to question how carefully the institution is protecting their personal information and assets.

While it’s impossible for any organization to totally safeguard against all cyber vulnerabilities, there are best practices credit unions can follow to protect their video surveillance infrastructure and reduce the risk of being victimized. 

To begin with, it’s important to understand how committed your video surveillance vendor is to the providing a secure solution. Does it have a program in place to respond to potential vulnerabilities as they arise? How does it inform customers (like you) and the systems integrators when a vulnerability is detected and a software fix is available?

Any vendor serious about securing its products as much as possible and helping to keep them secure once they are deployed will have a clear answer to these questions. They should have a documented process in place and be able to point you to that information easily on their website. It’s also a good idea to ask your vendor for a product hardening document, which will provide a series of recommendations to guide you or your systems integrator through various security settings.

Once you’re satisfied that your vendor is doing its part to keep your video surveillance network secure, it’s time to look at how your system is installed. There are many ways to configure a video solution, and how it’s done will absolutely affect your network security. Here are just a few must-follow steps for your credit union to help avoid cyberattacks:

  1. Change default passwords. Work with your integrator to make sure strong passwords are in place for all of your IP cameras and network video recorders. Passwords should contain a mix of upper- and lowercase letters and special characters. Further, choose a video solution that supports integration with your credit union’s Lightweight Directory Access Protocol system, so you can take advantage of existing user permissions and authentication. At a high level, and in the context of this article, LDAP is a protocol that allows organizations to manage their user permissions, ie: who has access to the network. When you log into your network at work, you typically have to enter a user name and password. Many organizations have this set up already, and video surveillance systems can typically integrate with them so all those user permissions and passwords can be applied to the video surveillance system. 
     
  2. Keep software and firmware up to date. Software and firmware releases often contain patches for security vulnerabilities, so failing to apply these updates puts your devices at risk. Make sure your integrator is in regular communication with your video vendor, so your integrator knows when new software and firmware is released and where to get it. Regularly applying updates will not only keep your devices more secure, it can also address other issues that might interfere with the normal operation of your video system. 
     
  3. Use a firewall. Your credit union most likely uses a firewall to protect your internal networks from unauthorized access and malicious viruses and malware. Firewalls help prevent hackers and programs from accessing the critical business information and resources on your internal networks and computers. I suggest using a firewall with Deep Packet Inspection–a filtering capability that looks at the content of data packets, essentially doing a deep dive into all data being delivered. DPI provides an additional layer of security, right down to the application and user level.
     
  4. Disable services you’re not using. There is always a risk when a device is connected to the Internet, but you can minimize that risk by closing network ports, and disabling services your credit union doesn’t need for its course of business. For example, if you don’t require Simple Network Monitoring Protocol services on your devices, these can be disabled. In particular, video recorders with Linux-based operating systems can be customized to remove services, thereby improving security.

Cybersecurity best practices are constantly evolving, and there are many other measures you can explore to safeguard your data. But what’s certain is that your credit union can’t tackle it alone. Keeping video surveillance infrastructure secure needs to be a joint effort between your organization, your video vendor and your systems integrator. 

Do your part by staying up-to-date on best practices and training and educating your staff. It’s also important to adopt a top-down approach to cybersecurity that begins with buy-in from senior executives and support from managers and employees alike.

Dan Cremins is the global leader, product management with March Networks, Ottawa, Ontario, an intelligent video solutions manufacturer serving more than 500 credit unions and banks worldwide.

Compass Subscription