The security of your surveillance system is only as strong as its weakest link…but how likely is that to be your IP cameras? Here are some key factors to bear in mind when evaluating the security of your IP cameras.
The security of your surveillance system is only as strong as its weakest link…but how likely is that to be your IP cameras? Hackers are increasingly targeting IoT devices like IP cameras. In fact, the number of IoT cyber-attacks worldwide was estimated to be more than 112 million in 2022.
Here are some key factors to bear in mind when evaluating the security of your IP cameras.
Good cyber hygiene practices will help to keep your IP cameras secure. Something as simple as not changing default passwords could cause a security breach. Always change default credentials to strong, unique ones and follow password-strength best practices.
Also, look out for cameras that are secure-by-default out of the box when selecting your IP camera manufacturer. This means the camera’s default settings have been created to be cyber-secure, without additional configuration. This will actually force a password change on boot-up.
When choosing IP cameras, it’s essential to ensure they use a secure-by-design approach. This means that cyber security considerations are ingrained into every aspect of the design from the beginning – from the authentication safeguards in place to how products are tested before launch – to create inherently secure devices.
Part of evaluating camera design also involves looking at the origin of its components to ensure these are in line with legislative requirements around national security. For instance, elements of NDAA legislation (US law), which prohibits the use of parts from countries such as China, are increasingly reflected in public space surveillance requirements elsewhere – including the UK.
Data encryption has a significant impact on IP camera security. Data should be scrambled and only able to be decoded by authorised individuals to protect sensitive information.
Data that’s ‘at rest’ and stored at the edge – stored onboard the camera itself – should be encrypted so it can’t be extracted for nefarious reasons.
Data must also be encrypted whilst ‘in transit’. It’s common for surveillance footage to be stored in the cloud or viewed on apps and web interfaces. This journey to the cloud presents a potential vulnerability for hackers. IP cameras should support encryption (HTTPS) to secure the data transmitted from the camera to storage and viewing devices. Read more about specific encryption requirements.
Hackers are always evolving their techniques and approaches. This means outdated firmware can leave cameras susceptible to hackers. Regular firmware updates are, therefore, crucial for fixing security vulnerabilities.
Be mindful that between your organisation, your supplier, and your integrator, updating firmware can be the type of task that falls between the cracks. A good supplier will notify you of any patches required, but it is your responsibility to ensure these are completed.