Today, advancements in technology and streamlined manufacturing of surveillance cameras allow businesses of all sizes to have their own security system. No longer limited to banks or government buildings, it much easier to install a top of the line security system in your office, building or commercial store. In fact, it can be argued that a solid security system is mandatory for any new business for quality assurance or to deter illegal activities. However, businesses not only need to battle visible intruders, but they also need to battle against invisible cybercrimes. The tricky part is that cybercrimes can cause a lot of damage to business without the proper precautions. It does not help that it is more difficult to prevent and investigate against for prosecution. As a result, on top of securing your premise, it is equally important to secure your surveillance data and servers.
Typically, a security system consists of multiple cameras that record your business’ premises, 24/7. Business owners can then rely on this information to ensure work is running smoothly or as evidence against criminals. Conversely, any intruder that find a way to access your security system, can also use the same information to exploit your business or cover up crimes. As such, business owners must not only safeguard their premise, but also their security systems.
This article will walk you through all the possibilities of how cyber criminals could penetrate your security system. We will also discuss what to do to minimize your security network vulnerabilities and to prevent different types of hacking events.
Can My Security System Get Hacked?
Hackers can compromise security systems in so many ways. To name a few: cyber intruder could potentially steal, delete, alter, or corrupt your security footage. Depending on how accessible your NVR/DVRs, or digital recorders, they can even disable your entire system! Plus, if they are already in your server, confidential data like trade secrets, client contact info, product designs, transaction history and more is compromised. After the damage is done, not only will you lose data and money, but more importantly: client trust. The last thing you want is for your security system to work against you.
If your business has a good security system with quality cameras, robust storage and network infrastructure, it means you only achieved the deployment phase. Having a security camera does not instantly and indefinitely protect your business from everything. In this section, we will cover potential hacking scenarios from both the deployment and operations phases. And naturally, we will also include pro tips on the best practices to prevent these hacks.
Hardware Hacks and How to Prevent Them
Before you install a security system, the first questions you need to ask yourself is: should I be worried about my cameras and data storage? Can customers or vandals easily reach or tamper with your cameras? Is my NVR in a protected server rack or is it out in the open? Can I trust that employees will not accidentally or intentionally disrupt my server? Cameras and data storage are the most important components in your security system and poses a huge vulnerability if left unprotected.
End-to-End Encryption in Security Cameras
In the market, there are many security cameras that offer local storage. This means the storage unit is physically attached to your security cameras. Usually, these types of plug-and-play products are popular due to their low cost. So, if someone tampers your security camera with a storage unit on board, your data can be fully accessible to outsiders. Does this mean “avoid cameras with onboard storage at all costs”? Absolutely not! What it does mean, is that you need be more conscious when choosing what security cameras to buy. At Panopticon, we always ensure that cameras we use has storage and transmission encryption built in. In that case, if an intruder gets hold of your cameras, the encrypted data will mean nothing to them.
Similarly, this concern also applies to cameras that don’t have on-board storage units. Savvy hackers can hijack your cameras’ transmitting signal, either wired or wireless, and steal your information. They can potentially hack directly into your backend data storage to steal your security footage. However, if your data is end-to-end encrypted, the hijacker will only receive unintelligible codes from the signal.
All in all, make sure you choose hardware that supports data encryption. Otherwise, a live, unprotected feed is easily accessible to any potential hacker. Ideally, the encryption key should be controlled by the owner or the company that manages your security. In that case, only you will have access to your data. We will cover this topic more in the software hacking section.
Securing a Data Storage or Server
When you have a quality security system, it is wise to create a dedicated space for a server to store your storage data and NVR/DVR. After all, you need all that surveillance footage to be stored somewhere! Plus, it gives the added benefit of being able to back up your data. We recommend having multiple data backups because data storage units, like hard drives, experience higher chances of failure than other hardware parts. Unlike hard drives on your computer, hard drives on a video recorder needs constant writes, rewrites, and 24/7 operation. Fortunately, hard drives are much easier to replace and there are special hard drives on the market, specifically designed for surveillance use.
For an extra layer of protection, you can also copy your data to an off-site server with backups. This ensures no data loss if anything were to happen to your premises. For instance, if a hacker steals or tampers with a camera with on-board storage, you can easily recover the lost data. However, if you only have an on-site server room, an intruder could destroy your data storages. It does not matter if your data is end-to-end encrypted when you lose all copies of the data. Those data could contain footage of the intruder’s face and you lose that chance to catch this thief.
Interestingly, cloud cameras offer another solution, where you trust the data handling and monitoring with companies like Ava Security. Instead of you personally handling your security data and server, all your data is stored and managed safely offsite. Not only does it minimize data loss, it will be less stress for the business owner. More on cloud cameras later.
How To Store Your Passwords?
Many security systems and features require the use of strong passwords. If someone gets hold of your password, none of the security measures in this article will matter to you. It is like handing your house key to a burglar. Your system will be completely open to criminals.
The best way to protect your password is to create and memorize a long and complex password. Unfortunately, this is not realistic when you have countless accounts and emails to remember as well. Add the fact that you need to change your password at least every 6 months, and you’re bound to forget or even get locked out of your accounts. Luckily, there are many password managers that can help. You should also avoid using generic note apps to store passwords, as anyone using the computer can easily open them. At the very least, add another layer of security by encrypting the file and using a strong and unrelated password to open the document.
At the end of the day, the tried-and-true method of keeping a physical paper of passwords is still possible. Just ensure not to misplace the paper and keep it in a safe location where only the people you trust will know. If you want, you can even create a code for yourself so the actual password is not plainly written for anyone to read.
Software Hacks and How to Prevent Them
Assuming you secure all your hardware layers in a locked room, you still need to account for vulnerabilities and attacks on your digital data. As mentioned before, end-to-end encryption is one of the ways to battle many forms of cyber-attacks.
Just in case you don’t know anything about encryption, it transforms digital videos or voices data into an unreadable format. Only with the correct encryption key, computers can recover these data into their original form. The most typical example is our cell phone services. There is data encryption during transmission. The problem with this type of encryption is that your internet service provider holds the encryption key. If they have a reason to, they could decrypt your data.
That is where end-to-end encryption (E2EE) comes in. Your devices, such as security cameras, encrypt your data before transmission. After that, no one can decrypt your data until you log in to your system using the correct password. The best part is that only the user holds the encryption key. So long as you don’t lose the key or share it, no one else in the world can decrypt this data.
E2EE is an especially important feature when it comes to data security today. You need to make sure to buy hardware and software from reputable companies. That way, you know for sure that they truly support E2EE function and there are no backdoors. Secondly, you need to make sure you constantly update your software and your password. Make sure your password is complex. All these practices will help you to ensure your decryption key is always secure. If you have an off-site storage center with backups and E2EE, you should be confident that your security system is immune to most forms cyber-attacks.
If you are running a technology company or worried about more advanced hacking activities, you should install both hardware and software firewalls to your security system. Firewalls can protect you from majority hacking activities. Worst-case scenario, if there is a new computer virus that can penetrate your security system, a good firewall system can immediately cut off data transmission to external unknown users and send a red flag to the authorized user about this malicious activity.
Network Hacks and How to Prevent Them
Network hacks are different from hardware or software hacking. Instead of attacking your security equipment, cyber criminals could target your network services and equipment. Moreover, there are ways and tools to target both wired and wireless networks.
Network hacking is not only dangerous to your security system but also dangerous to your regular business operation. A simple example, a hacker can set up a fake Wi-Fi access that looks like the real one. Anything you do on his network is visible to him. If you happen to check any confidential information, then the cybercriminal will be able to capture it. In this type of cases, having a security system cannot help you at all, because the hacker tricked you into logging in a separate unsecure network. This article will only focus on hacking activities that relate to security networks. We will not explore other network hacking possibilities. Please be aware, other types of hacking still exist and they could jeopardize your normal business operations.
It is more difficult to hack into a wired connection. If the intruder does not have physical access to your network equipment and cannot trick you to download malware to crack your software, there is no chance intruder can gain access or control of your security system. We mentioned it earlier that a wired network is usually complex, and it is more difficult to disable. Therefore, a wired system is a better option for your security system.
Besides a wired network, you also need to have a well-protected server room to complete your security system. We will discuss this topic in the next section.
Business cannot completely avoid using wireless connections. There are additional steps businesses need to take to protect their networks. Below are a few pro tips you should follow.
Strong Wi-Fi Password
First, you need to create a strong Wi-Fi password and change it frequently. Please avoid using passwords that are easy to guess. For example, don’t use names and birthdays as your password. If your password gets more complicated, please keep it safe as suggested in the earlier section.
Changing Default Router Login
Second, you should change the default router login credentials. There are only a handful of companies in the market make Wi-Fi routers. Each brand has their own default login credentials for when you first use one. The first thing you need to do is to change this login credential. If you don’t do this, anyone can easily use the default login to access your router and gain control of all the devices on your security system. The cybercriminal can also change the username and password and lock the legitimate users out of their own network.
Disable Remote Router Access
Third, you should disable remote router access if possible. In some cases, it is very helpful for some businesses to access their security network remotely, especially during urgent cases. However, remote access opens so many other possibilities for hackers. If you remotely access your security system through public networks, there are many jump stations in between that are completely outside of your control. Public networks usually have the largest number of cyber sniffers and vulnerabilities. Please turn off your router remote access when you don’t need it, or use a VPN (virtual private network) service, which we will discuss more later.
Other Vulnerabilities on Your Security System
There are other ways intruders could commit crimes even when there is a security system. The most direct option is that they could simply cut off all your power. When there is no power, your cameras or storage will not work, and your premise is free for the intruder. It can be difficult to safeguard against this type of scenario. Obviously, you can’t put cages on all your power cables. It might end up being more trouble for you during maintenance, than a practical solution to deter hackers/intruders.
However, you can always prepare backup power for your security cameras. By using uninterruptible power supplies or UPS, your cameras will always have power, even when the main power supply is out. Another option is that you can use IP cameras that have power of ethernet (PoE) feature. Ethernet cable networks are complex, and are usually underground or behind walls, making it difficult for intruders to cut all network connections.
Second common case is that intruders can physically tamper with your security cameras. From spray-painting to smashing the camera, there are many ways an intruder can destroy your cameras. Luckily, there are cameras that are vandal resistant. While not indestructible, it can mitigate any losses from accidents or someone tampering without any tools. Lastly, this highlights the importance of having multiple cameras that overlap and cover all your blind spots. It would be difficult to disable multiple cameras at once. So, even if one or two cameras are destroyed, you should still have enough information to identify the perpetrator using the remaining cameras.
How to Know When You Get Hacked?
It is exceedingly difficult to know if someone has hacked or compromised your security system or not. The easiest case would be when someone violently rips off or paints over your security cameras. Other than that, it is very difficult for untrained people to notice any hacking activity.
From the software end, it is even more difficult to notice any hacking activity right away. A major red flag is that your security cameras and their operation performance are significantly lower. In some extreme cases, your cameras could be entirely unusable. That means you might be experiencing some sort of hacking activity.
There are options to add traffic monitoring equipment and software to your security system. During your inspection, if you see unknown devices attached to your network and draining a significant amount of traffic, there is a good chance it is a hacking event.
There is also ethical hacking software or white hat hacking consultants in the market, which some companies would employ to test their security network. It is like a fire drill for your security system during network inspection. They are risk free and will provide you feedback to improve your network security.
When And How Often to Inspect Your Security System?
If you experience any red flags mentioned above, you should do a system-wide inspection immediately, including checking your cameras and software system. You also need to update the software immediately and change your password. In extreme cases, you may have to change all your cameras.
If there is no red flag, it is a good habit to check your cameras monthly to make sure no one has tampered them, and all cameras are functioning correctly. Cameras are never 100% foolproof, and it is the owner’s or management’s responsibility to regularly check the cameras status. We recommend a monthly inspection on all your cameras.
If you have a major security system upgrade, an immediate inspection is always a smart idea. You need to make sure new hardware and software work properly with all your older hardware and software.
You need to do a system wide inspection on your entire security system at least every 6 months. Each time when you change your password. You need to check if all components in your security network work properly. Make sure there are no unauthorized personnel can tamper any of your security devices and cables. Make sure there are no malicious hardware or software behaviors. Of course, always update your software to the latest version and use a strong password.
Build a Secure Server Room for Your Security System
As mentioned earlier, having a wired network with a secure server room will make your security system stronger. The main reason is that if all your routers and switches are at a controlled location, it is easier to protect it with limited access. Even you have wireless connections outside of your server room, it will still improve your system’s security. There is another major benefit to this. If you have all your network equipment in one central location, it will provide the best connection performance. It is also easier when it comes to security inspection and troubleshooting.
Conventional Locks and Keys
If you are having all your network equipment in one location, it is straightforward that you need some fundamental physical security solutions for your server room. At minimum, you need to install one or more locks on your server room doors. In fact, there are even server cabinets that have locking doors to prevent tampering.
If you are taking your data security more seriously, electronic locks offer more security and organization. For example, you’ll see that plenty of companies use electronic locks with security badges as the key. This system makes it way easier for a company to assign different levels of access, manage who gets access and even track when the server room is accessed.
Want something even more secure? The next tier is biometric access. This method is getting more popular since all businesses are generating more digital data that they want to safeguard against unwanted access. The most common cases are fingerprints and iris scans. Hackers could easily steal an employee’s badge and gain access to your server room. On the other hand, you can’t steal or copy fingerprints and iris as easily. This effectively makes biometric access control more secure.
Interestingly, it is common for some companies to deploy both electronic locks and biometric scans. Usually, electronic locks are for the entrance and biometric for secured areas like the server room. It is also wise to install surveillance cameras around the security server room. There are also mantrap systems designed for protecting server rooms. The point being data security is becoming more and more essential to businesses. Depending on how important data security is to your specific business, there are many options in the market that will help you secure your data.
If simplicity is a crucial factor to you, you should at least consider electronic locks and surveillance cameras. In case anything goes wrong, you will have some records or logs for the investigators.
Beyond Locks and Keys
Assume you have a secure physical access to your server room and your software are also bulletproof. There are other factors you need to consider building your server room.
We mentioned backup power earlier. It can prevent your security system shut down during a power outage. It is a good option to place your backup power in your secured server room. However, cooling will be another factor for your backup power.
Besides cyber criminals, you need to consider other potential threats such as fire, flood, and vibration. Any of these could jeopardize your security system. Or intruders could set fire or flood to disable your security system. Either way, you need to construct a strong server room that could protect your data.
There are racks and cabinets specifically designed for mounting network equipment. These specially designed racks already took fire, flood, cooling, and vibration factors into consideration. They even have locks built in. If you don’t want to risk your data security, then we strongly discourage building racks in an open garage or simply mounting equipment on the wall.
Cabling is another key factor for constructing a secure server room. If you don’t properly manage your cables, they could have a negative impact on your network performance. People can trip over them. Old and poor-quality cables could overheat and start a fire as well. Therefore, you need to manage all your cables properly in your server room. The most widespread practice is to use the raised floor system. It hides most of the electrical wires and air conditioning system components. It increases safety and provides better air distribution for cooling.
Practices for Handling Security Footage
When it comes to handling security footage, it could vary so much from business to business. The best practice is that business owners should write a clear policy regarding the use and retention of security video footage. Please consult legal professionals when writing your security policy. There are clear guidelines from the government on installing surveillance system in public places and the use of the footage.
Limited Privileged Access
If you want to protect your security system, you should limit the number of privileged users and physical access to your server room. It is critical that this information needs to be clear in your policy. You cannot give access to people only based on trust. People who gain access to your security system also need this information for doing their job. Business owner should have the ability to overwrite any parts of the security system in case privileged users modified the security system intentionally or unintentionally.
Assume other parts of your system are secure, in the case of a security breach, the less privileged users, the easier the investigation. It is a smart idea to log your security system's access history. It will also be helpful to the investigators.
Security Footage Management
When it comes to storing security footage, the elephant in the room is that how much data should I be storing? Security cameras run 24/7. Video files, especially HD footage, can create exceptionally large files. And that’s just footage for one camera! If you add additional cameras, your data storage demands can increase exponentially. Furthermore, high-capacity, and high-quality hard drives are not cheap. So having a data storage policy is paramount in deciding how much storage you need. If you only hold a few days of security footage, it defeats the purpose of having a security system. Conversely, if you save all your footage for too long, the files will quickly take up valuable storage space for when you need it. So, what is the best option?
To be clear, there are no industry standards on how long you need to keep your security footage. Ideally, you should save security footage as long as you can because you can never predict when and where crimes happen. On the other hand, depending on your specific business, you can be flexible about your footage. If your business is a warehouse and you don’t expect movements within your warehouse over a certain amount of time, it is ok to overwrite some footage frequently. On the other hand, if you are running a retail store, a condo building, a school or a hospital where you have people going in and out constantly, it is better to save these footages as long as you can.
To make your system even smarter, users can delete footages where everything is still. For example, for retail stores and schools, you’ll have hours of footage during nights and holidays where nothing happens. You can easily skim this footage and remove anything useless to save storage. These days, security cameras also have motion detection features. If they detect moving targets, this footage is more valuable to store and review. Similarly, cameras at the entrances and exits would detect more movements than other parts of your business. You should prioritize saving footages from those high-traffic areas.
Privacy is a major concern when it comes to installing a security system at a workplace. Inevitably, your security camera can pick up people’s private conversations and interactions. Even if it is mundane footage, no one wants to have their footage or data accessible, especially without their knowledge or consent. Therefore, your security footage sharing, and security system access privilege become even more sensitive. If your employee’s private information leak due to security footage mishandling, even if there is no hacking activity, business owners would be legally liable for the privacy violation.
To avoid this, we mentioned earlier, only trusted individuals, who need security footage for work purposes should have access to the security system. On top of that, there should be no password sharing or access badge sharing. And lastly, businesses should regularly inform employees about responsible data use and how to keep an eye out for security vulnerabilities. For example, prevent people following you after opening an access-controlled door (tailgaiting) or be aware of unwanted eyes when inputting secure information (shoulder-sniffing). One of the best securities you can have, is a well-informed and prepared staff.
Virtual Private Network (VPN) Service
Earlier, we mentioned that you should avoid using remote access to your security system. In situations where you must access your security network remotely, you need to make sure you use a VPN service that has E2EE function and does not log your online activities. A VPN service basically masks all your online activities. In another word, this means all your online activities are only visible to you and the end user (the office or business server). This ensures your remote access to your security system stays private and protected. Keep in mind that no service is the same, but most reputable VPN services offer E2EE and no log features. When setting up a VPN for your business’s computers, it is important to follow guidelines to avoid any unwanted data loss.
Another way to protect your remote security system access is to enforce two-factor authentication (2FA). You may already be familiar with 2FA, as many passwords protected services in the market have adopted this method. Essentially, even after you input the correct password, the system will send you an additional verification code via email, text, or authenticator app. You can only access the service after inputting both the correct password and verification code. Ideally, this means hackers cannot access your system even if they managed to get your password. Your can rest knowing your system is safe from hacking, so long as your phone number, authenticator device or email is not compromised. All in all, 2FA is an easy way to give businesses the ability to further safeguard your security and network systems.
Nowadays, clouds cameras are increasingly popular as a strong alternative in providing security to your business or commercial space. Big tech companies like Amazon and Google offer clouds cameras and services to home and enterprise users. There are cloud services dedicated to security systems.
What are Cloud Cameras?
Earlier we talked about building your own storage room. You need to consider many forms of sabotage, such as fire, flood, and power outage. What happens if the intruder just rips off your cameras? Do you lose all your onboard data? On the software end, you need to think of E2EE, firewall, and remote access risks. On the other hand, cloud cameras alleviate all these concerns.
Unlike traditional security cameras, cloud cameras are continuously connected via internet, to an offsite server managed by the provider of your choice. Instead of investing in large hard drives, cloud cameras will only locally store around days worth of footage for quick review. What about the rest of the footage? They will automatically be uploaded to the cloud service in real-time. No more concerns about where to install a server and no more worrying about running out of storage data. Plus, with the correct password and/or 2FA can easily access and review all your security footage on the provider’s easy to use programs. In fact, providers like Ava Security even provides additional perks like easy remote view, access control integrations, 24/7 surveillance monitoring, AI tracking and much more.
Cloud Cameras vs. Building Your Own System
From a simplicity standpoint, employing a cloud solution is a great alternative to building your own security system. When you are building your own system, it can be more complicated maintain everything on your own after the install. However, it gives you a great deal of freedom and control to your security system, so that you can tailor the service to your business needs.
In terms of security measures or user experience, using a cloud camera system is similar to using a bank for your finances. Sure, you can personally hold and manage your physical cash, but keeping funds in a bank is easier and offers additional services like credit cards or savings accounts. With cloud cameras, users do not need to know all the security measures on the backend. All users need to do is to learn the UI and programs and manage their cameras and footage in the cloud.
Using a reputable and professional cloud camera system like Ava or Verkada, they will handle all the crucial and complicated backend tasks for you. Users never need to worry about backups, encryption configuration, firewalls, software updates, or any new features that will come to the market in the future. Clouds cameras like AVA or Verkada, they provide a fully serviced security system with little personal maintenance. Their camera systems provide additional security features like AI object tracking and instant notifications. The most you’ll manage is a complex password and making sure no one gains unauthorized access to your security system.
At the end of the day, it is nearly impossible to eliminate hacking activities completely. Unfortunately, large companies potentially lose billions of dollars in losses annually due to hacking events. Luckily, by creating strict guidelines for server access and using data responsibly, you can mitigate the chances of getting your system hacked or disrupted. The last thing you need is for your security system to work against you or fail when you need to access it the most. Whether you manage your own security cameras and server, or subscribe to cloud camera services, it is important to understand your security system for the best results. We at Panopticon only chooses the highest quality cameras and security systems to ensure that you can trust your network and dedicate more energy in running your business. If you want to secure your business, don’t hesitate to call us 416-613-8828 or firstname.lastname@example.org