It’s not always front page news, but you may have seen recent stories where hackers have breached digital signage systems—either as a prank, for a cause, or for damage. Like the one where restaurant employees used a digital menu to play on their Xbox while the restaurant was open. Or several instances of hackers casting vulgar images onto very public digital signs. Your reputation is at stake here.
What can you as an company do to insure your content remains safe and protected? The best strategy is to talk with the professionals. Here are a few things to keep in mind as you work to develop digital signage security strategies:
While most of us think of hacks as a remote attack from literally anywhere on the globe, don’t neglect physical network vulnerabilities in your digital signage security protocols. Digital signage is inherently public, so first, keep all public players in a tamper-proof enclosure, ideally out of sight. Installing cameras to catch culprits in the act of attempting to do harm is another safeguard to consider. You will also want to work with your AV provider to make sure all PC ports and connections are secured. In order to prevent the boot order from being changed, they should also protect the password on the BIOS.
Hackers can persist even after the latest software patches and updates are installed. That’s why testing for vulnerabilities needs to be regular and ongoing.
Wherever possible, an AV provider should use applications that add a layer of encryption to data. With encryption, even if data is stolen, it is protected. They should also make sure that the solutions they bring are using secure protocols. HTTP and FTP do not meet the mark for storing and securing critical information.
A worst-case scenario is hackers posting their unwanted content onto your digital signage. To remedy this, ask for software with client-pull technology, and disable listening on all ports. Make it difficult or impossible for those who are not supposed to post.
Service Level Agreement
A Service Level Agreement (SLA) is a must-have for managing digital signage security. An SLA should give you peace of mind as well as cover your bases when outsourcing security services to someone else. Elements to include:
Timeframe for fixing problems
With your reputation at stake, customer satisfaction should – as ever – be your number one priority. So a service agreement that spells these things out should be a source of reassurance for you and your provider, and can act as a reputation-builder for them as well.
What is Your Threat Model?
One big question to ask yourself is, “who am I defending this installation against?” The threat you defend against will determine the threat model. You and your AV provider will employ some strategies to ward off bored teenagers being a nuisance, and other strategies for more dedicated hackers, still others for a criminal enterprise who sees your business as a prime target.
The solutions are not always simple, and as with any other endeavor, you get what you pay for. Shortcuts in the short run can lead to bigger headaches in the long run. Digital signage security is all about managing risk and managing reputation. The experienced consultants at Conference Technologies can help you design a security plan to fit your needs.
With safeguards and protocols in place, the task should be manageable, and above all else, you will know that CTI is always working to protect your interests and business success.