Security Technology Executive

SEP-OCT 2017

Issue link:

Contents of this Issue


Page 54 of 69

www. • September/October 2017 • SECURIT Y TECHNOLOGY E XECUTIVE 53 Follow System Management Best Practices Cyber threats continue to evolve and so should your cybersecurity practices. Cybersecurity isn't a one-and-done operation. It needs to be constantly managed to reflect current risk assessments. But sometimes the hardest thing to do is take that first step. So where should you begin? • Use strong passwords. This is something I mentioned earlier. Bad passwords or default passwords represent a constant threat to cyber- security. Users need to balance their ability to remember a password against the ease in which it can be guessed or cracked using a brute-force attack. The strongest passwords are those that combine numbers, upper and lowercase letters as well as special characters. • Isolate your surveillance system. Put your surveillance network behind a firewall so that the devices aren't directly exposed to the Inter- net. Also, consider segmenting your IP surveil- lance system from your production network to prevent hackers or even unauthorized employ- ees from jumping from one network to another. • Keep firmware, software and patches up- to-date. Institute a regular maintenance sched- ule to ensure that all components of the system are operating under the most current version of firmware, software and malware protection. Many manufacturers automatically send alerts out letting you know when updates are avail- able. And with these new mass configuration tools, you can make these wholesale changes across the entire IP surveillance system at once. Choose Partners Committed to Cybersecurity Speaking of manufacturers, it's important to vet your partners to assess their commitment to providing products and services that will help to enhance your system's cybersecurity. Things to look for include: • Honesty about vulnerabilities. Historically has the company been upfront about cybersecu- rity issues with its products? Has it been quick to apprise customers of problems and provide solutions to correct the vulnerability? • Security-conscious about software devel- opment. Does the company participate in cybersecurity forums and professional organiza- tions to keep abreast of evolving cyber threats? Does the company focus sufficient resources on designing and testing the cybersecurity of its firmware and software before they're released to the market? Does it validate that its cybersecuri- ty measures won't introduce new vulnerabilities into other vendors' products on the network or within the surveillance system? • Timely patches and updates. How quickly does the company distribute patches and updates when vulnerabilities are discovered? Do they have an automated alert system to notify you when the most recent updates become available? • Regular maintenance and upgrading cycles. Does the company provide management tools to help you with ongoing maintenance and version control of your devices' firmware and cybersecurity features? Denial Won't Make it Go Away Let's be honest. Nothing that you do is going to make your surveillance system 100 percent cyber secure. But if you act like an ostrich with your head in the sand and do absolutely nothing , you're going to present an easier target than the next guy. And that means you're probably going to get hacked. And worse still, you probably won't even know it. So you need to start somewhere, even if it's just something simple like mandating stronger user pass- words. Once you've taken that first step, going for- ward will get easier. New time-and-resource-saving mass-configuration tools will help you implement cybersecurity features quickly across your surveil- lance network devices. Partnering with manufac- turers who employ best practices in developing and maintaining cyber secure products and services will also help you reduce your vulnerability to attack. And look to your IT counterparts for guidance and security policies that will help you make your sur- veillance system as strong in the cyber realm as it is the physical realm. About the author: Ryan Zatolokin is the senior technologist for the business development team of A xis Communications. His primary focus is cybersecurit y as well as positioning and promoting A xis technology in conjunction with the hard ware and soft ware technologies of eco- system partners. Ryan joined A xis in 20 11 as a field sales engineer, bringing more than a decade of experience in net work engineering on the systems integrator side of the industry. Nothing that you do is going to make your surveillance system 100 percent cyber secure.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - SEP-OCT 2017