Proactive VMS management in a cyber secure world
It’s difficult to talk about technology without also addressing cybersecurity – the two are closely linked since a majority of devices, systems and solutions that people use as part of their personal and business lives are network connected devices.
Video management systems are an integral part of the surveillance ecosystem, as they collect video and data from a variety of sources into one ecosystem or platform for viewing, analyzing, storing and managing. Because of this VMS systems, just like smartphones and smart home automation, require some level of regular maintenance to ensure they remain cyber secure to protect the system from vulnerabilities, including cyber-attacks and unauthorized access while ensuring the required level of uptime.
Here are three steps you can take to ensure you are proactively managing your VMS system.
Password maintenance
Passwords need to be updated on a regular basis and as a company it’s important to create a policy to update and rotate passwords, along with a process. For many companies, this has not been the case. In fact, it’s not uncommon for companies to deploy IoT & Linux-based devices, like IP cameras or NVRs, and then forget about them until a problem occurs.
Password changes or rotations should follow IT practices and occur on a regular cadence to ensure that passwords on IP devices, such as a VMS system, have been properly protected. There are a few ways to accomplish this – first is manually. But for those who have dozens, hundreds and even thousands of cameras and IP devices deployed this quickly becomes a challenge and a time-consuming process. To automate the process, make sure the VMS solution you deploy has an embedded tool that automatically rotates passwords. Password rotation can be done behind the scenes, without any interruption to service and an automated process to reauthenticate each device.
Along with enhancing cyber-security, changing a password helps to ensure that a former employee no longer has access to systems and the valuable data they contain.
Regular firmware and patch updates
It’s not uncommon for a smartphone to have one or two firmware updates each year. The same holds true for your entire VMS system. Your VMS solution provider should offer regular firmware updates for IoT devices and imbedded devices or patches to all servers and software. Ask about the firmware and software patch policy – does it happen once a year or twice a year – and make sure you are aware of the schedule to ensure firmware updates are not only timely, but do not interrupt the system operation.
Cybersecurity programs
Does your VMS vendor have a cybersecurity program or policy in place? If so, be sure to sign up for vendor notifications about vulnerabilities and how these are being addressed. Companies that have their own cybersecurity program often offer best practice guidelines, track threats on a daily basis and have the resources to quickly respond to issues, should any arise.
In addition, your systems integrator should also have a cybersecurity program in place, along with cybersecurity insurance. Make sure your integrator understands its obligations as security needs to be part of a bigger IT-centric cybersecurity initiative today because all operational technologies (OT) are under attack in the building management systems world.