Protecting Higher Ed IT Surveillance Systems

Unfortunately, along with the benefits of accessibility and ease of use, these highly sophisticated network video systems come with the constant threat of cyberattacks.

IP cameras are not dissimilar from other network devices exposed to attack scenarios. As higher ed institutions transition to IP security systems, they face the same data breach risks. The systems are highly vulnerable and easy to hack, and they present a considerable surface area cybercriminals can use to access a university’s network.

In addition to common threats — malware, ransomware, distributed denial of service, man-in-the-middle and brute-force attacks — video cameras are susceptible to third-party eavesdropping.

LEARN MORE: How to stay ahead of emerging cybersecurity threats in higher ed.

Best Practices for Securing IP Cameras

The potential for third-party eavesdropping via camera systems is an example of why university CTOs and data security officers must address the vulnerabilities of their IP security cameras. The goal is to prevent unauthorized access to the system that could compromise other devices in the network.

Here are several security strategies higher ed institutions can implement to prevent or mitigate attacks on their IP camera systems:

Proactive steps include partnering with an Internet of Things solution provider to discover every IoT device connected to a university’s network and assess each device’s security risk. Universities should also invest in technology that integrates IoT security into a broader solution that protects the data center, network, mobile devices, endpoints and cloud assets.

Best practices for managing staff email passwords, guarding against phishing, protecting student data privacy and restricting access to university networks needs to extend to IP cameras. Like other vulnerable access points, IT departments must enable multifactor authentication, limit access by IP address and create a video client account to reduce the risk of compromising the device administrator password.

Penetration tests are used by many institutions to evaluate network security. These simulated attacks are often carried out by trusted third parties authorized by universities to attempt a breach of their systems. However, IP cameras are often overlooked as vulnerabilities. Institutions should ensure that pen tests are performed on these IP devices, using the same tools, techniques and processes attackers would use to pinpoint weaknesses in the security system.

Software updates and patches must be installed, whether the campus uses CCTV, IP cameras or a hybrid approach. Access to the latest software can prevent security holes within the camera systems. Most cloud-based IP systems automatically push out updates and patches. However, for on-premises storage, IT must be sure to choose a product that requires scheduled updates and patches.

Video data storage must be secured, either on-premises or in the cloud, to avoid data loss in the event of a breach. The cloud is ideal for backing up sensitive information saved on local servers. One of the cloud’s security advantages over on-premises servers and infrastructure is its ability to segment storage away from user workstations, where most attacks enter.

The principle of least privilege limits a users’ access to what is required to do their jobs. Users are granted permission to read, write or execute only those files or resources specific to their work. This applies to network and IP camera system access as well.