Security Briefing from Cyber Security Experts
Hacking the Boardroom
The vulnerability of boardroom technology was recently highlighted by Rapid7’s Mike Tuchen and HD Moore. They demonstrated how easy it was to hack into the boardrooms of many large organizations. These included leading oil and pharmaceutical companies, venture capital companies, law firms and even Goldman Sachs. They were able to quickly and fairly easily infiltrate their video conferencing systems and have full control and access of the cameras and audio. That is cause for major concern.
To put the issue into perspective, they found more than 5000 vulnerable boardrooms in less than 2 hours. They were all significant companies that surely do not want their boardroom meetings and discussions compromised.
They were able to view video feeds, listen to audio and control cameras in order to move them, zoom in and view and listen to anything going on in the boardroom.
Other examples that have come to light include the United States Chamber of Commerce. They discovered that their thermostat and printer had been compromised and were sending data to an IP address in China. This was discovered in late 2011 and only after it had been in place for more than 6 weeks.
Why boardrooms are vulnerable
The reason so many of these systems are vulnerable is because the encryption and security features are often disabled or not correctly set up. In many cases, the equipment is installed outside of company firewalls. The conference phones or video conferencing system is often configured to automatically answer incoming calls making them even more vulnerable.
These settings and configurations are often done in the interests of convenience but leave the boardroom highly vulnerable. It is the responsibility of all staff and all companies and organizations to understand the risks and take all reasonable measure to protect privacy in the boardroom. The first step is to understand the threat and the above examples clearly indicate how serious this is.
In addition, there are the board members themselves. Boards are (or should be) well aware of cybersecurity because it has been shouted at them from their inside IT experts as well as from a plethora of outside interests, and that is where they have focused. Which may explain much. Nancy May, CEO of the BoardBench Companies, and a well-cited and published governance expert, weighed in on this: “Many forget that while Directors are drawn from the most talented and experienced business professionals out there, they are still, at their core, human. And we, as humans, often fail to focus on what is right in front of us. Many issues are never addressed by companies or boards, because they were right under our noses, and assumed to working as we intended.”
Securing your boardroom
Fortunately, it is not too difficult to secure the equipment in the boardroom. Most of the video conferencing equipment and conference phones have security features. This first step is to install it behind the firewall and use a “gatekeeper” to secure the connection. Make sure all live streaming is encrypted and only authorized persons have access to the system and security.
It is advisable to have the equipment installed by experienced professionals. Use the encryption technology and security features such as auto mute when not in use, password protection and disabling the auto answer feature. It is advisable to lock the cameras when not in use and use lens covers.
Lastly, ensure the equipment forms part of your security monitoring and testing and is checked regularly. Resources need to be allocated for this purpose. It should be monitored for security and vulnerability and you should know immediately if the conference room network or video conferencing has been breached. If a breach does occur, it should be possible to instantly isolate the system.
When important meetings, board meetings, state of the union or any sensitive meetings take place external access needs to be carefully monitored.
Leaving boardroom equipment unsecured is extremely risky and leaves sensitive and confidential information highly vulnerable. eXstream Security can help you to monitor and secure your boardroom Our security experts can help you give us a call or visit www.exstreamsecurity.com
July 11, 2018
February 25, 2018
February 25, 2018