Request a quote
Apply now
Surveillance Cameras in RI

Protect Your Surveillance Cameras

June 27, 2018
Cyber Security
Did you know cyber-thieves can breach your surveillance camera system if not secured correctly?

Surveillance Cameras serve as a point of entry into the IP network of organizations of all types. As an IP based device and without proper measures to protect them, hackers can use them to shut down surveillance or to tap into the organization’s data. Both represent real risks that need immediate attention.

The good news is that there are immediate, high impact measures that security professionals can implement and architect to ensure your camera system is safe & secure!

If you have cameras or you’re preparing to install a new system, here are some tips you should be educated on:

  1. Camera Passwords ARE Important

    If your security cameras still use the default manufacturer password or a weak, common password, you are at immediate risk for a security breach. Hackers can write programs that will attempt hundreds of passwords in the blink of an eye. If your passwords aren’t updated regularly with significant difficulty, you are making it even easier for hackers to take down your cameras.

    Try utilizing a Secure Password Generator for creating strong passwords.

  2. Lock Down your Network

    Because cameras are often located in unsecured places around the perimeter of a building or in hallways, it is essential to ensure that your cameras are the only devices that can communicate across your network. Your network has a feature called MAC Binding that configures each network port to only accept the specific, unique MAC address from the camera bound to that port. This way, if a hacker tries to replace the camera with a laptop, the network will reject the communication. Seek tools to make this management easy and ability to upgrade.

  3. Isolate Your Cameras

    Don’t put cameras on the same corporate network as your workstations. Isolate your cameras with a Virtual LAN (VLAN) so that the only thing that can talk to them is the Video Management System (VMS).

  4. Don’t Ignore Unusual Events

    Take note of even short outages or sudden camera reboots. These small, seemingly insignificant events can indicate security breaches, such as foreign firmware uploads or hacker devices being introduced to the network.

  5. Two Operators equals Less Risk

    Your cameras should be set up with two logins the same way that your computers are set up; one login is a user with limited privileges, the other is an administrator with full access. The camera admin login should be used rarely for updates, and the user login should handle everyday tasks, like streaming video. That way, the more commonly used login cannot do as much damage if it falls into the wrong hands.

  6. Purchase Cameras from Companies with a Reputation for Security

    Not all camera brands are created equal. The security of certain brands and cameras with certain countries of origin have been questioned. Reputable companies should be on the forefront of security concerns, and have rapid response time to vulnerabilities. Do your research before a major system purchase.

For additional information on Secure Surveillance Cameras, please contact us below, we are always glad to assist!

[Form id=”12″]

0
Read More
World Trade Day SecurityRI.com

SecurityRI.com x Bryant University – World Trade Day 2018

May 1, 2018
Events

World Trade Day 2018 Will Address Technology in Global Trade at Bryant University

 

SecurityRI.com is proud to announce our technology team will be attending and speaking at the 33rd Annual World Trade Day: Technology in Global Trade on Wednesday, May 23, 2018. World Trade Day is presented by the John H. Chafee Center for International Business and is one of the region’s largest international business conferences, with more than 500 industry leaders and business executives expected to attend.

As Bryant University states – “Each year at World Trade Day, keynote speakers, workshops, and panel discussions provide high-level insights and thought-provoking discussions on future trends and economic drivers. With this year’s focus on Technology in Global Trade, experts will discuss innovations in manufacturing including robotics, drones, and other technological advancements. Attendees will learn about the use of big data and analytics to drive strategic decision making, as well as ethical considerations in data mining practices. Other featured topics include block chain technology, cybersecurity, and global logistics.”

World Trade Day 2018 SecurityRI.com

Our topic / focus will touch upon:

  • Security & Compliance Management
  • Complete IT / Risk Assessments
  • Cyber Security
  • Data Protection
  • and More

In closing, the goal of World Trade Day is to bring together experts and leaders to share knowledge, vision, and opportunities for growth and success within the global marketplace. That’s why SecurityRI.com has been invited to advise on the complex issues associated with both personal and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction.

If you have any questions regarding the event, please contact us or comment below.

Thank you.

0
Read More

Penetration Testing vs. Vulnerability Assessment: What’s the Difference?

February 27, 2018
Penetration Testing

Penetration Testing and Vulnerability Scanning are often confused as the same service. The problem is, they have their differences and are not the same. Let me explain how they differ:

Vulnerability Assessment

Vulnerability Assessment is an inspection of the potential points of exploit on a computer or network to identify security holes.

A vulnerability scan detects and classifies system weaknesses in computers, networks, communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provider, possibly as a condition imposed by some authority. The vulnerability scan involves the use of automated network security scanning tools, whose results are listed in the report. As findings reflected in a vulnerability assessment report are not backed by an attempt to exploit them, some of them may be false positives.

Client Note: A solid vulnerability assessment report should contain the title, the description and the severity (high, medium or low) of each vulnerability uncovered. A mash of critical and non-critical security weaknesses would be quite puzzling, as you wouldn’t know which vulnerability to patch first.

Penetration Testing

In contrast to vulnerability scanning, penetration testing involves identifying vulnerabilities in a particular network and attempting to exploit them to penetrate into the system.

The purpose of penetration testing is to determine whether a detected vulnerability is genuine. If a pentester manages to exploit a potentially vulnerable spot, he or she considers it genuine and reflects it in the report. The report can also show unexploitable vulnerabilities as theoretical findings. Don’t confuse these theoretical findings with false-positives. Theoretical vulnerabilities threaten the network but it’s a bad idea to exploit them as this will lead to DoS.

Client Note: At the initial stage, a reputable provider of penetration testing services will use automated tools sparingly. Practice shows that a comprehensive penetration testing should be mostly manual.

During the exploiting stage, a pen-tester tries to harm the customer’s network (takes down a server or installs malicious software on it, gets unauthorized access to the system, etc.). Vulnerability assessment doesn’t include this step.

Penetration testing vs. vulnerability assessment at a glance

Which lays bare the differences between the two techniques:

How often to perform the service?

Vulnerability assessment: Once a month. Plus an additional testing after changes in the network.

Penetration testing: Once a year, at the least

What’s in the report?

Vulnerability assessment: A comprehensive list of vulnerabilities, which may include false positives.

Penetration testing: A “call to action” document. It list the vulnerabilities that were successfully exploited.

Who performs the service?

Vulnerability assessment: In-house security staff or a third-party vendor.

Penetration testing: A provider of penetration testing services.

What’s the value of the service?

Vulnerability assessment: Uncovers a wide range of possible vulnerabilities

Penetration testing: Shows exploitable vulnerabilities.

The choice of vendor

The differences between vulnerability assessment and penetration testing show that both information security services are worth taking on board to keep your network & computer infrastructure safe. Vulnerability assessment is good for security maintenance, while penetration testing discovers real security weaknesses.

It’s possible to take advantage of both services only if you contract a high-quality vendor, who understands and, most importantly – translates to the customer the difference between penetration testing and vulnerability assessment. Thus, in penetration testing, a good vendor combines automation with manual work and doesn’t provide false positives in the report. At the same time, in vulnerability assessment, the vendor uncovers a wide range of possible network vulnerabilities and reports them according to the customer’s business.

0
Read More
Reduce Human Error in your business

Human Error: Understand the IT Threat

December 12, 2017
Security Best Practices for Businesses

With over 90% of all cyber security breaches due to human error, it’s safe to say that mistakes in the workplace are more than costly. So what mishaps are your end users making, and what exactly are the repercussions to your organization? 

 

Many of the successful security attacks from external attackers who are preying on human weakness, waiting patiently for employees to be lured into providing access to sensitive information. Their human errors can be incredibly costly, especially since the insiders involved have access to a host of sensitive data.

One of the greatest impacts of a successful security breach is the exposure of this kind of information, loss of intellectual property and the infection of malware.

The Threat of Human Error

 

One of the most common mistakes made by employees, is sending sensitive documents to unintended recipients. This is relatively easy to solve when deploying security controls to monitor sensitive information being leaked from your organization.

These controls were once considered complex to deploy, but have now been made considerably easier to implement by vendors in recent years. This has dramatically reduced the level of user involvement required and increased the use of such controls.

These tools can also:

  • Prevent users from engaging in inappropriate behavior
  • Eliminate sending documents home via email, placing them on file-sharing sites or removable media such as USB sticks

See how the growing culture of bring-your-own-device (BYOD) exposes additional major concerns, especially with the risk of lost or stolen mobile devices. Again, technology vendors are available to help companies control what happens to data stored on such devices, even allowing sensitive data to be remotely wiped – so that it doesn’t fall into the wrong hands.

Even the most trusted and highly skilled employees run major risks of human error. System and network administrators are commonly guilty of incorrect system configurations, poor patch management practices and the use of default names and passwords. There are numerous security controls that organizations can explore to guard against these types of threats.

0
Read More
Quick Links
Services
Locations

Corporate Headquarters
58 Waterman Avenue - North Providence RI 02911

MA Office
14 Holly Lane - Westport MA 02790

Toll Free: (888) 219-5296
Local: (401) 231-8130

Operating Live 24∙7∙365