Need to Know: Cybersecurity and AV

Need to Know: Cybersecurity and AV

Now that AV is consistently placed on the network, it is paramount that installers, integrators, and end users take extra care to ensure these devices don’t create vulnerabilities in enterprises’ security. With AV innovations and confidential information on the same network, how do we ensure the performance of the former doesn’t compromise the integrity of the latter?

Find out more about cybersecurity.

First and foremost, AV professionals need to remember that network security is a large concern that should be considered at the earliest stages of system design. Private data—think employee social security numbers—is held on corporate servers, right alongside AV on the network. Not in an office? Those with technical skills and malicious intentions can create embarrassing situations for integrators and installers. Remember that time someone hacked a large touchscreen at Washington, DC’s Union Station and visitors were exposed to several minutes of adult videos in the middle of rush hour?

John Pescatore, director of emerging security trends at the SANS Institute, thinks AV pros should remember the basics: ensuring information AV systems are continuously updated and security controls are only accessible by authorized users. For sensitive systems, he cautioned, “authorized users should be required to use strong authentication, and not just reusable passwords.”

“Quite often, phishing attacks target system administrators and obtain their passwords—and the attackers are off to the races,” said Pescatore. “Strong authentication can be as simple as requiring receipt and entry of a text message in addition to a password, or require the use of a hardware token, like a USB key.”

A vital aspect of security is communication. All stakeholders should sit down together to discuss the goals of the AV systems, potential implications for security, and how the AV devices will be managed. Once devices are chosen, Pescatore says to “ensure manufacturers have a documented process for providing software updates, and make sure you have a process for rapidly installing the updates; generally, these should be installed in one week or less.”

Another workaround for AVoIP is to keep the products on an isolated network; Pescatore recommends using a firewall to provide only minimum access and to log all connections.

When it comes down to it, there’s no one-size-fits-all for network security. Integrators, IT professionals, and end users need to work together to determine what is the best solution for every single installation.

Find out more about cybersecurity.

Need to Know More?

Have a burning question about cybersecurity — or maybe request for a different topic you’d like to see us tackle? Email us at and we’ll put our top minds on it!

More from Future on cybersecurity:

Megan A. Dutta

Megan A. Dutta is a pro AV industry journalist, and the former content director for Systems Contractor News (SCN) and Digital Signage Magazine, both Future U.S. publications. Dutta previously served as the marketing communications manager at Peerless-AV, where she led the company’s marketing and communications department. Dutta is the recipient of AVIXA's 2017 Young AV Professional Award and Women in Consumer Technology's 2018 Woman to Watch Award. Dutta is co-founder of Women of Digital Signage, an organization designed to provide a pathway to promote networking, mentoring, and personal growth.