Unfortunately, along with the benefits of accessibility and ease of use, these highly sophisticated network video systems come with the constant threat of cyberattacks.
IP cameras are not dissimilar from other network devices exposed to attack scenarios. As higher ed institutions transition to IP security systems, they face the same data breach risks. The systems are highly vulnerable and easy to hack, and they present a considerable surface area cybercriminals can use to access a university’s network.
In addition to common threats — malware, ransomware, distributed denial of service, man-in-the-middle and brute-force attacks — video cameras are susceptible to third-party eavesdropping.
Best Practices for Securing IP Cameras
The potential for third-party eavesdropping via camera systems is an example of why university CTOs and data security officers must address the vulnerabilities of their IP security cameras. The goal is to prevent unauthorized access to the system that could compromise other devices in the network.
Here are several security strategies higher ed institutions can implement to prevent or mitigate attacks on their IP camera systems:
Proactive steps include partnering with an Internet of Things solution provider to discover every IoT device connected to a university’s network and assess each device’s security risk. Universities should also invest in technology that integrates IoT security into a broader solution that protects the data center, network, mobile devices, endpoints and cloud assets.
Best practices for managing staff email passwords, guarding against phishing, protecting student data privacy and restricting access to university networks needs to extend to IP cameras. Like other vulnerable access points, IT departments must enable multifactor authentication, limit access by IP address and create a video client account to reduce the risk of compromising the device administrator password.
Penetration tests are used by many institutions to evaluate network security. These simulated attacks are often carried out by trusted third parties authorized by universities to attempt a breach of their systems. However, IP cameras are often overlooked as vulnerabilities. Institutions should ensure that pen tests are performed on these IP devices, using the same tools, techniques and processes attackers would use to pinpoint weaknesses in the security system.