Search

Security Risk of Huddle Rooms — Yes, It’s Very Real

security risk of huddle rooms
Getting your Trinity Audio player ready...

The Security Risk of Huddle Rooms is a Very Real Risk

We have all seen the headlines. Target was hacked, Experian was compromised. No one seemingly seems to think it can happen to them. Yet there are thousands of network security threats that exist throughout every corporate building; the huddle room. While commonplace in the workplace today, the security risk of the huddle room as a threat vector is often overlooked.

Why Huddle Rooms Are Threat Vectors

Security expert, Theresa Payton, says “people often forget about the hardware as a potential threat vector.” The servers and inbound internet traffic aren’t the only culprits. What you bring into the office also creates a threat vector.

Today’s huddle room is a simple meeting and collaborative space. Typically, the room will have a TV or display of some sort, table, and connections for laptops. There will also be wired or wireless network access. Computers, mobile devices, and USB drives are plugged in, connected, and used to present and collaborate. But, do you know where those devices have been, what malware might be lurking on them? Chances are good the answer is a resounding no. So yes, the security risk of huddle rooms is a very real risk.

Network Vulnerabilities in Huddle Rooms

As mentioned above, when you bring devices into a space and connect them, without knowing or controlling anything about those devices, your network is vulnerable as a result. There are other threats as well. For instances, researchers have discovered hacking a system with the HDMI connection. While this is  a relatively difficult process, that does not mean it hasn’t been done.

There are also vulnerabilities in-room control systems. The most recent exposed security flaw was at Defcon demonstrating how to hack a Crestron control system. Crestron had already released a security patch for that specific vulnerability, but if a system wasn’t updated and teh security patch installed, well, there’s a problem. The wired network connection is also a possible threat vector.

How to Minimize the Security Risk of Huddle Rooms

So how do you minimize the security risk of huddle rooms? Here are some suggestions.

Vendor Collaboration. Collaboration is key, ironic, as huddle rooms are inherently designed to facilitate collaboration. But in this case, the collaboration necessary is with your vendors. Work closely with your vendors to maintain firmware, which are critical with these systems. As vulnerabilities are discovered, the manufacturers work to fill those holes through software and firmware patches. But software and firmware patches only work if they’re applied.

Minimize Physical Connections. The security risk of huddle rooms is often innocently compromised by things connected to the network. When you can minimize physical connections within the room, it helps keep the network safe. This is a challenging task, to be sure, but advisable.

How do you accomplish that? Instead of deploying several network connections in a room, set up a more robust wireless system. Wireless networks allow for more security and control. In addition, companies can roll out several guest networks that will constrain non-employees to only certain areas of the network. And then there is the wireless video transmission.

Wireless Video in Huddle Rooms

Wireless video functionality can help not only mitigate the risk of huddle room security, but add a new level of collaboration capabilities that teams love. Wireless video systems in huddle rooms allow you to “throw” your presentation or collaboration workspace onto the TV in the room. However, how that video ‘gets there’ is what determines the potential threat. So in any discussion about security risks of huddle rooms, if you’re using wireless video, knowing the inherent risks this wireless connection presents is critically important.

USB-connected devices like the Barco ClickShare provide a wireless connection to the screen. The ClickShare “puck” acts as the mediator between the user’s computer and the TV through the USB connection. A piece of software is installed on the device when it’s plugged in, with the puck allowing for the transmission. However, USB connections are notoriously insecure. As a result of this network security threat, we are seeing instances of the U.S. government and some hospital systems locking down USB connections and not allowing their use.

Wireless presentation systems like Via or Mersive use the company network, or a special network, to present. The software lives on the users’ laptops or mobile devices and can detect available and local receivers. These systems have limits on the number of participants, can kick connections after so many minutes, and can be secured with one-time keys. However, they are network devices and would be somewhat susceptible to network attacks. The effort to hack these systems presents a bigger hurdle than those of USB-enabled devices, but a threat does remain nonetheless.

Physical Security in Huddle Rooms

How do you protect against security risks of huddle rooms? Physical security plays a role. Making it difficult for bad actors to access your space is critical. When hackers gain access to the physical devices they want to penetrate, there is little to be done at that point. There are several ways to prevent this access.

The most simple prevention method of protecting huddle rooms is a locked door. Locked rooms can be accessed through card access, traditional keys, or some form of remote control and also can provide an audit trail should there ever be a security problem. Remote access systems for huddle rooms can be tied to calendar systems that allow for the huddle spaces to be entered only when an authorized meeting has been approved.

Locking down and out the devices that make a huddle room work is also critical. The TVs, wireless presentation systems, and network devices should be out of sight and their ports locked if not in use.

Wrapping Up

Security risks of huddle rooms is a very real thing. Security is top-of-mind for just about every C-Suite leader today, and it’s important to treat network security as a mission-critical business objective. The network is a repository not only for the company’s information, but also that of clients and employees.  Taking the steps to fully understand the security risks of huddle rooms, and working with both the network security team and vendor partners to create a work space that’s not only able to facilitate great collaboration, but also a space where people and data remain secure is key.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice. 

Related content:

Microsoft v. Cisco v. Slack: The Battle for Collaboration Dominance

UC Trends: Cross-Device, Cross-Platform, Better Functionality

4 Digital Transformation Challenges IT Departments Will Face in 2018

Author Information

Timothy Albright is Analyst in Residence at Futurum Research where he covers the Collaboration, Unified Communication and ProAV space. Tim is also the founder of AVNation, an audiovisual industry B2B media firm. Taking the data, ideas, and objectives of clients and industry leaders and turning them into easily digestible content is where Timothy has lived and worked for the last twenty years. His career has lead him into broadcast television and radio, education, programming, digital media production, and has been teaching and producing podcasts since 2006. Over the last ten years, Timothy has been focused on researching where business communication is and where it is going. This includes working with education, healthcare, and Fortune 1000 companies leverage their existing infrastructure to help their employees and customers communicate more effectively and efficiently. In addition to hosting and producing a weekly AV and UC news program, he has contributed to several industry-leading publications. Timothy has lead industry discussions around the globe and is a highly sought-after moderator for his ability to bring the real-world uses into conversations and panel discussions.

SHARE:

Latest Insights:

Zoom’s AI-Driven Innovations, Announced at Enterprise Connect 2024, Are Set to Shape the Future of Collaborative Technology with Enhanced User Experiences
Craig Durr, Practice Lead, Workplace Collaboration at The Futurum Group, delves into Zoom's strategic AI enhancements at Enterprise Connect 2024, highlighting their potential to redefine collaborative experiences.
Dialpad and T-Mobile Continue to Combine the Benefits of T-Mobile’s Nationwide 5G SA Network with Dialpad’s AI-enabled Solutions and Innovations
The Futurum Group’s Ron Westfall assesses how combining Dialpad’s new AI suite with T-Mobile’s 5G standalone network lets organizations perform smarter and seal deals faster through real-time insights from Dialpad capabilities such as Ai Recaps.
An Assessment of The Key MWC24 Takeaways Across the Cloud and Telcos Highlighted by Red Hat, Google Cloud, VMware, and HPE Partnerships with Key Telcos
The Futurum Group’s Ron Westfall and Tom Hollingsworth review the top cloud and telco takeaways from MWC 2024 consisting of Red Hat and Tech Mahindra’s hybrid cloud alliance advances, Red Hat and NTT in collaboration with NVIDIA and Fujitsu readying real-time AI analysis at the edge across IOWN environments, Telkomsel selecting Google Cloud to boost operations and products with GenAI, VMware looking to assure the DISH Wireless Open RAN build, and TELUS enlisting HPE servers to complete its Open RAN mission.
Oracle and NVIDIA Collaborate to Deliver Accelerated Computing and Generative AI Services that Establish Digital Sovereignty and Manage National Data
The Futurum Group’s Ron Westfall tells how Oracle and NVIDIA’s expanded collaboration merges Oracle’s cloud sovereignty, enterprise application acumen with NVIDIA’s AI prowess to create a more secure, efficient, and globally accessible AI ecosystem.