Cybersecurity Best Practice: Check Your Physical Security Devices

The Akamai 2023 State of the Internet report revealed that retail continues to be the most targeted industry for cyberattacks, accounting for over 14 billion observed incursions. Risks from cyber threats including fraud, account takeovers, malware, ransomware, compromised business emails and data breaches all begin with an initial breach. Any device connected to a retailer’s network — whether it’s a smart IoT thermostat, an access control sensor or a computer — is a potential gateway for cybercriminals to access private data stored on servers connected to that network.

Because security cameras, access control systems and automatic license plate readers are there to protect people, products and premises, they are often overlooked as a source of vulnerability. Physical security systems are a common blind spot — and a potentially dangerous one. IT and security teams should work together to ensure the cybersecurity of physical security systems against threats.

Common Vulnerabilities

Any device connected to the internet has the potential to become a cybersecurity vulnerability. However, some devices have well-known flaws. They can open a gateway into your networks or insert malware or ransomware into a system.

For example, the National Defense Authorization Act (NDAA) has blacklisted some brands of surveillance cameras and digital video recorders (DVRs). Anyone doing business with the U.S. government is forbidden from using these products, which have known vulnerabilities. The devices are known to be at risk of being easily hijacked by bad actors and used to spread to other systems within the institution’s network.

An easy tip to reduce your exposure to cyber threats is to follow the government guidelines. Include them as clear policy directives in your company’s cybersecurity playbook. Even if you’re not doing business with the U.S. government, following its lead on cybersecurity protocols allows you to leverage advice on best practices from its experts.

Reputable physical security software companies maintain up-to-date lists of authorized partners who have been vetted for cybersecurity. Always choose devices manufactured by a reputable vendor endorsed by industry leaders with a strong track record of cybersecurity.

Protect Your Networks from Cyber Breaches

It’s a good practice for retailers to audit their network security periodically. Verify that all devices are secure, properly installed and password protected. Organizations often add hardware over time, so an audit is useful to know your system, its components and your vendors.

In addition to auditing equipment, retailers should review cybersecurity policies. Ensure all team members from cashiers to managers are aware of best practices to follow. This isn’t a one-time exercise: cybersecurity threats are continually evolving, and retailers must regularly review and update their strategies to stay ahead of cybercrime trends.

Many retailers find that transitioning to a unified cloud or hybrid cloud system makes it easier to keep up to date with cybersecurity requirements. This is because the software vendor shoulders some responsibility for software updates and patches. Reputable security software companies will have dedicated cybersecurity resources to monitor threats, issue recommendations, update systems and support your team. They can help your team respond efficiently and effectively in the event of a breach.

For IT teams, moving to a single unified security platform makes it much easier to manage and upgrade hardware over time. Look for a system with end-to-end encryption and multi-factor authentication to ensure both cyber and physical security standards are met. Choose a vendor with the flexibility to work with on-premises or hybrid deployments. That way you can transition to the cloud at your own pace if desired.

Securing Your Security System

Modernizing your security system can be costly, and these decisions now involve many departments. Your system should offer more than a heightened view of security. It should increase efficiency and scalability across departments with a strong cybersecurity foundation.

When all your physical security devices are connected by one unified system, you get a better picture of the security of your entire system. Built-in dashboards make it easy to monitor firmware status and keep on top of cybersecurity housekeeping within one intuitive platform. You can combine video monitoring, access control, license plate recognition, intrusion detection, analytics and more into a single interface that helps report any vulnerabilities.

Your unified system can even streamline access rights management in one central platform. Automated security policies and scheduled compliance reviews lighten your security team’s workload while reducing the potential for security breaches caused by credential abuse. A unified software platform helps IT and security teams ensure data is properly encrypted and accessible only to properly authenticated users.

Securing your retail operation today means more than installing cameras and protecting perimeters. It also means choosing security systems that are developed with cybersecurity in mind from the ground up.

Hardening your security system against cyber threats isn’t a burden to carry alone. Cybersecurity is a shared responsibility. It is led by IT and security teams and supported by software vendors and hardware partners, with staff at every level contributing. By combining efforts, your retail operation can have a strong cybersecurity posture to protect your product, people and premises.

Scott Thomas is National Director, Signature Brands, at physical security company Genetec. He and his team work with organizations in the retail, financial, hospitality, gaming and cannabis industries via Genetec’s network of system integration partners. Thomas is a member of the Loss Prevention Magazine Advisory Board.