Cybersecurity Dos and Don’ts for Security Integrators
Use these helpful tips to adopt better cybersecurity practices and policies.
Would you leave the doors of your business, home or vehicle propped wide open in the middle of the night as a welcome invitation to hooligans or criminals?
Would you recommend your customers do the same? I didn’t think so.
Guess what: particularly as a security professional, if you’re not taking cybersecurity very seriously, then in a very real but virtual sense you are leaving the door wide open for cyber criminals and mischievous hackers to infiltrate and harm your company or your clients’ organizations.
If that is you, then get your head out of the mud, seek knowledge and understanding, and take action – NOW. The good news is that after a skeptical and sluggish start, the electronic security industry is by and large acknowledging the criticality of cybersecurity and its unique interrelationship with networked physical security.
Proof can be found in the third annual SSI Physical-Logical Security Assessment, the lynchpin of SSI’s annual Cybersecurity Issue.
The study shows positive trends in a number of metrics, even as it highlights just how much more work must be done to ensure dealer/integrator businesses and those of their customers are as impenetrable as possible against breach attempts.
The imperative is not for dealers or integrators to become cybersecurity experts (although no one is stopping you) or to radically change models; rather, it is to accept this new business climate, learn some basics and, most importantly, implement and adhere to established and emerging best practices.
Doing so minimizes the chances of compromised networks as well as potential liability. At the same time, electronic security firms need to be well aware of the opportunities currently out there to expand into offering managed services such as network health monitoring, either through internal resources or partnering with an outsourced provider.
As a partner in the industry’s first Cybersecurity Congress, former member of PSA Security Network’s Cybersecurity Council and organizer of “The Security/IT Connection: Riding on Networks and Monitoring Network Security for New Revenue” keynote at last November’s Total Tech Summit in Atlanta, I have been a leading proponent of facing cyber-related threats, challenges and opportunities head-on.
That includes adopting sensible, smart policies and procedures that support effective cyber hygiene at the dealer/integrator company and customer levels, and proper vetting and product hardening at the manufacturer level.
No doubt getting started can seem daunting. To help procrastinators get going and those who have begun the journey keep their eyes on the prize, following are dos and don’ts from that Total Tech Summit session:
- Document equipment (OS, application, firmware) versions, maintain continuous updates
- Consult manufacturer hardening guides for configuration tips; ask if not readily available
- Change default administrative passwords
- Manage passwords and equipment administrative privileges
- Configure device user accounts to access device services
- Use managed switches
- Establish baseline device networking attributes, e.g. IP address, MAC address and SSL/TLS version
- Close all unnecessary ports, e.g. FTP; turn off unnecessary services, e.g. DNS
- Create standalone networks for low-voltage systems when possible; use firewall and router tools to transit enterprise LAN/WAN if you must provide services in a shared environment
- Consider 802.1x (RADIUS) implementations for unmonitored (time/staff) devices to address physical network intrusion
- Discuss known vulnerabilities, e.g. with client, agree on mitigation efforts
- Don’t use default passwords on any equipment
- Don’t use old firmware versions
- Don’t trust a client’s network
- Don’t allow access to your internal network
- Don’t trust WiFi networks
- Don’t trust received storage media like USB, SD, CD, etc.
- Don’t attach your unmonitored equipment, e.g. laptop, to a client’s network
- Don’t open unanticipated email attachments or web links, no matter who sent them
- Don’t rely solely on signature-based spam filters
- Don’t think that you’re too small to be targeted by cybersecurity criminals
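
As an added illustration of the documentation, baselining and port items in the list above (not code from the article or the Total Tech Summit session), the following Python script compares observed device attributes with a recorded baseline and reports every deviation. The device names, addresses, firmware numbers and the dotted-numeric version format are constructed assumptions.

```python
# Added example; all device names, addresses and versions are constructed sample data.
TLS_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FLAGGED_PORTS = {21: "FTP", 53: "DNS"}  # the two examples named in the list

BASELINE = {
    "lobby-cam-01": {"ip": "10.20.0.11", "mac": "00:11:22:33:44:01",
                     "firmware": "2.4.1", "tls": "TLSv1.2", "ports": {443, 554}},
    "door-ctl-01": {"ip": "10.20.0.21", "mac": "00:11:22:33:44:02",
                    "firmware": "1.10.0", "tls": "TLSv1.2", "ports": {443}},
}
OBSERVED = {
    "lobby-cam-01": {"ip": "10.20.0.11", "mac": "00:11:22:33:44:01",
                     "firmware": "2.4.1", "tls": "TLSv1.0", "ports": {21, 443, 554}},
    "door-ctl-01": {"ip": "10.20.0.21", "mac": "00:11:22:33:44:99",
                    "firmware": "1.9.3", "tls": "TLSv1.2", "ports": {443}},
    "unknown-01": {"ip": "10.20.0.77", "mac": "00:11:22:33:44:77",
                   "firmware": "0.0.1", "tls": "TLSv1.2", "ports": {80}},
}

def version_key(version):
    """Turn '1.10.0' into (1, 10, 0) so 1.10.0 sorts after 1.9.3 (assumes numeric parts)."""
    return tuple(int(part) for part in version.split("."))

def audit(baseline, observed):
    """Return (device, finding) pairs, grouped by device name, for each deviation."""
    findings = []
    for name in sorted(baseline.keys() | observed.keys()):
        if name not in observed:
            findings.append((name, "documented device not seen on network"))
            continue
        if name not in baseline:
            findings.append((name, "undocumented device on network"))
            continue
        want, got = baseline[name], observed[name]
        for attr in ("ip", "mac"):
            if want[attr] != got[attr]:
                findings.append((name, f"{attr} changed: {want[attr]} -> {got[attr]}"))
        if version_key(got["firmware"]) < version_key(want["firmware"]):
            findings.append((name, f"firmware older than documented: {got['firmware']}"))
        if TLS_ORDER.index(got["tls"]) < TLS_ORDER.index(want["tls"]):
            findings.append((name, f"TLS downgraded to {got['tls']}"))
        for port in sorted(got["ports"] - want["ports"]):
            label = FLAGGED_PORTS.get(port, "unlisted service")
            findings.append((name, f"unexpected open port {port} ({label})"))
    return findings

if __name__ == "__main__":
    for device, finding in audit(BASELINE, OBSERVED):
        print(f"{device}: {finding}")
```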