Without a common understanding of the complex components of cybersecurity and privacy, a conversation around such topics can be difficult, frustrating, and unproductive. Both cybersecurity and privacy are broad and deep fields, so it is helpful to break them down into their key elements.
First, cyber refers to cyberspace and the many networks that make up our modern digital world. Security is the practice of protecting people and things from unauthorized access. Cybersecurity is merely securing and protecting our cyberspace. With that in mind, let's dig into networks, connected devices, and data as they relate to cybersecurity and privacy.
The Network and Connected Devices
The network is the core of all connected systems, so it is vital to think critically about network security. Client requirements on security, performance, and budget dictate the appropriate firewalls, routers, switches, and wireless products for a project. Once the proper network infrastructure is in place, each component must be configured appropriately and kept up to date.
We are in a revolutionary moment in the Internet-of-Things (IoT) as anything that can be connected is connected. The continued explosion in the number of connected devices means it is increasingly important to consider security when choosing, installing, and servicing devices. Many of the IoT devices are less secure than traditional IT devices because of a lack of system resources, making them an easy target for cybercriminals. With the swarm of connected devices in the world, bad actors are specifically targeting these devices for ransomware attacks and botnet infection. It is important to note that even though the devices are often behind a firewall, once one is compromised, it can become a gateway to other devices on the internal network.
As our physical and connected worlds collide, cybersecurity becomes even more critical to protect people and property. For example, if a device such as a connected household appliance is compromised, it has the potential to cause physical property damage or even harm individuals. It is of growing importance to ensure the devices we are selling, installing, and supporting follow industry best practices regarding cybersecurity. As part of an integrator's best practices, we must consider the expected lifetime of the device, how long the manufacturer plans to support firmware updates, and how quickly the device can be updated when a security flaw is exposed.
Data and Privacy
The devices installed on client networks also generate and store data. The data may contain proprietary or sensitive information such as usernames, passwords, or intellectual property. Therefore, it is essential to secure the information. Assuming we have taken the appropriate steps to secure the generating and receiving devices, we must also take care to secure the data during transmission and storage. For starters, we must ensure that the systems used to store the information remain secure. The data must also be appropriately encrypted using current standards.
For CEDIA integrators, it is imperative to consider the privacy of client information. As devices such as IP-enabled cameras become more common, they can potentially crush a client's sense of personal privacy and safety if an unauthorized person gains access. Privacy introduces another dimension to the security conversation. We need to distinguish privacy from security, especially when it comes to applying our limited resources. For instance, there is value in educating clients on safer online behavior to keep them more secure and their information more private. Some of this is inherently the responsibility of the integrator. Still, much of it is optional, such as what personal information a client should share on social media.
The topics of cybersecurity and privacy are closely related but very different. When determining where to invest time and money, integrators should remain focused on their clients' and their business's best interests. Remember, anyone can iterate and expand offerings over time.
"Where do I start?" is a question I've received many times in years of conversation around cybersecurity and privacy. Our next blog will introduce a process you can follow to begin bringing stronger cybersecurity practices to your clients' systems. These touches don't stop with blogs. CEDIA is expanding its education and options for accessing training across all of its platforms.
About the author: Mike Mansicalco is a longtime CEDIA instructor and volunteer who co-founded the remote monitoring firm Ihiji.