Maintaining Your Cybersecurity

Today’s security networks have evolved from where they were 20 years ago. With these changes, we have seen many amazing advances in the technology and the connectivity between the systems which comprise today’s complex security systems. Through these advancements has also come concerns on how we secure these systems and the data within them. As we look through the headlines, it seems a new data breach or network vulnerability is exposed daily, and this is why securing our system should be a top priority.

In cybersecurity, many refer to the three pillars for security, which are confidentiality, integrity, and availability. But what do these pillars represent, and how do we address these? Confidentiality is often considered the primary goal of security. To maintain confidentiality, the system and data should only be accessible to authorized users. To address the concern or integrity, the system should employ functions to ensure the data is untampered and accurate. Finally, if a system is not available, then this can create additional risks for a company, which is why the systems should provide safeguards to provide access for authorized users to the data and system resources when they need it.

Like other IT systems, there are some similar components found in the security system, and we can apply the security capabilities in a similar fashion. In a typical security network, the components which should be secured are the endpoint devices, the network, and the data.

When addressing endpoint security, we need to look at devices such as cameras, recorders, and workstations. Each of these points represents a means to access the overall security system. The first line of defense for these devices should be implementing strong passwords and disabling default user accounts. Next, these devices should be regularly updated. While updates for cameras, recorders, and workstations may provide new functionality, they will often include fixes to known vulnerabilities found in these systems or implement new security functionalities. Additionally, many devices come enabled with a host of services that can be used by the customer. If these services are not used, then they should be disabled to minimize exposure on the network. Finally, logging of the endpoint devices and regular audits can reveal unexpected behavior or potential vulnerabilities in these devices.

As we move from the endpoint to the network, we need to identify how we can fortify the security network from cyber threats. The biggest concern with network security is access. Network resources, such as switches and routers, should be located in secure spaces where physical access is controlled. Further, if the system architecture permits the security system should be isolated from the corporate network. Segmentation can be achieved either by physically isolating the networks or by segmenting them through Virtual LANs. There are even technologies such as MAC filtering or 802.1X, which will only allow access to authorized devices.

Finally, to protect the data within the security system, we can take the following steps. First, defining user access to the system data is critical. Even though user access to the system may be controlled, when watching the video, users may use a personal electronic device to capture the data displayed on their screen. Implementing a “no personal electronic device” policy will further protect from data breaches. In the event data needs to be exported from the system, it should be done in an encrypted method. This safety measure ensures the data remains protected, and only an authorized user can decrypt the data for use.

Securing your security system should be a top priority, and it can be achieved with planning and proper implementation. Even with this, the system should be reviewed regularly to ensure the latest patches are applied, the security plan is in place and operational, and any new equipment or system integrating with the system meets the minimum standards in place for your system. These simple steps will help in maintaining your cybersecurity.

About the Author

Chris Garner is a product manager with Salient Systems.

Featured

  • Live From ISC West: Day 2 Recap

    If it’s even possible, Day 2 of ISC West in Las Vegas, Nevada, was even busier than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Venetian, because there’s more news coming out than anyone could be expected to keep track of. Our Live From sponsors—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—kept the momentum from Day 1 going with packed booths, happy hours, giveaways, product demonstrations, and more. Read Now

    • Industry Events
    • ISC West
  • Visiting Sin City

    I’m a recovering alcoholic, ten years sober this June. I almost wrote “recovered alcoholic,” because it’s a problem I’ve long since put to bed in every practical sense. But anyone who’s dealt with addiction knows that that part of your brain never goes away. You just learn to tell the difference between that insidious voice in your head and your actual internal monologue, and you get better at telling the other guy to shut up. Read Now

  • On My Way Out the Door

    To answer that one question I always get, at every booth visit, I have seen amazing product technology, solutions and above all else, the people that make it all work. Read Now

    • Industry Events
    • ISC West
  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3

  • Tyco Kantech EntraPass security management software

    Tyco Kantech EntraPass security management software

    Johnson Controls, the global leader in smart, healthy and sustainable buildings, and architect of the Open Blue digital connected platforms, has released the newest version of the Tyco Kantech EntraPass security management software. 3

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3