Listen to this article now
The Security Risk of Huddle Rooms is a Very Real Risk
We have all seen the headlines. Target was hacked, Experian was compromised. No one seemingly seems to think it can happen to them. Yet there are thousands of network security threats that exist throughout every corporate building; the huddle room. While commonplace in the workplace today, the security risk of the huddle room as a threat vector is often overlooked.
Why Huddle Rooms Are Threat Vectors
Security expert, Theresa Payton, says “people often forget about the hardware as a potential threat vector.” The servers and inbound internet traffic aren’t the only culprits. What you bring into the office also creates a threat vector.
Today’s huddle room is a simple meeting and collaborative space. Typically, the room will have a TV or display of some sort, table, and connections for laptops. There will also be wired or wireless network access. Computers, mobile devices, and USB drives are plugged in, connected, and used to present and collaborate. But, do you know where those devices have been, what malware might be lurking on them? Chances are good the answer is a resounding no. So yes, the security risk of huddle rooms is a very real risk.
Network Vulnerabilities in Huddle Rooms
As mentioned above, when you bring devices into a space and connect them, without knowing or controlling anything about those devices, your network is vulnerable as a result. There are other threats as well. For instances, researchers have discovered hacking a system with the HDMI connection. While this is a relatively difficult process, that does not mean it hasn’t been done.
There are also vulnerabilities in-room control systems. The most recent exposed security flaw was at Defcon demonstrating how to hack a Crestron control system. Crestron had already released a security patch for that specific vulnerability, but if a system wasn’t updated and teh security patch installed, well, there’s a problem. The wired network connection is also a possible threat vector.
How to Minimize the Security Risk of Huddle Rooms
So how do you minimize the security risk of huddle rooms? Here are some suggestions.
Vendor Collaboration. Collaboration is key, ironic, as huddle rooms are inherently designed to facilitate collaboration. But in this case, the collaboration necessary is with your vendors. Work closely with your vendors to maintain firmware, which are critical with these systems. As vulnerabilities are discovered, the manufacturers work to fill those holes through software and firmware patches. But software and firmware patches only work if they’re applied.
Minimize Physical Connections. The security risk of huddle rooms is often innocently compromised by things connected to the network. When you can minimize physical connections within the room, it helps keep the network safe. This is a challenging task, to be sure, but advisable.
How do you accomplish that? Instead of deploying several network connections in a room, set up a more robust wireless system. Wireless networks allow for more security and control. In addition, companies can roll out several guest networks that will constrain non-employees to only certain areas of the network. And then there is the wireless video transmission.
Wireless Video in Huddle Rooms
Wireless video functionality can help not only mitigate the risk of huddle room security, but add a new level of collaboration capabilities that teams love. Wireless video systems in huddle rooms allow you to “throw” your presentation or collaboration workspace onto the TV in the room. However, how that video ‘gets there’ is what determines the potential threat. So in any discussion about security risks of huddle rooms, if you’re using wireless video, knowing the inherent risks this wireless connection presents is critically important.
USB-connected devices like the Barco ClickShare provide a wireless connection to the screen. The ClickShare “puck” acts as the mediator between the user’s computer and the TV through the USB connection. A piece of software is installed on the device when it’s plugged in, with the puck allowing for the transmission. However, USB connections are notoriously insecure. As a result of this network security threat, we are seeing instances of the U.S. government and some hospital systems locking down USB connections and not allowing their use.
Wireless presentation systems like Via or Mersive use the company network, or a special network, to present. The software lives on the users’ laptops or mobile devices and can detect available and local receivers. These systems have limits on the number of participants, can kick connections after so many minutes, and can be secured with one-time keys. However, they are network devices and would be somewhat susceptible to network attacks. The effort to hack these systems presents a bigger hurdle than those of USB-enabled devices, but a threat does remain nonetheless.
Physical Security in Huddle Rooms
How do you protect against security risks of huddle rooms? Physical security plays a role. Making it difficult for bad actors to access your space is critical. When hackers gain access to the physical devices they want to penetrate, there is little to be done at that point. There are several ways to prevent this access.
The most simple prevention method of protecting huddle rooms is a locked door. Locked rooms can be accessed through card access, traditional keys, or some form of remote control and also can provide an audit trail should there ever be a security problem. Remote access systems for huddle rooms can be tied to calendar systems that allow for the huddle spaces to be entered only when an authorized meeting has been approved.
Locking down and out the devices that make a huddle room work is also critical. The TVs, wireless presentation systems, and network devices should be out of sight and their ports locked if not in use.
Security risks of huddle rooms is a very real thing. Security is top-of-mind for just about every C-Suite leader today, and it’s important to treat network security as a mission-critical business objective. The network is a repository not only for the company’s information, but also that of clients and employees. Taking the steps to fully understand the security risks of huddle rooms, and working with both the network security team and vendor partners to create a work space that’s not only able to facilitate great collaboration, but also a space where people and data remain secure is key.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
Timothy Albright is Analyst in Residence at Futurum Research where he covers the Collaboration, Unified Communication and ProAV space. Tim is also the founder of AVNation, an audiovisual industry B2B media firm. Taking the data, ideas, and objectives of clients and industry leaders and turning them into easily digestible content is where Timothy has lived and worked for the last twenty years. His career has lead him into broadcast television and radio, education, programming, digital media production, and has been teaching and producing podcasts since 2006. Over the last ten years, Timothy has been focused on researching where business communication is and where it is going. This includes working with education, healthcare, and Fortune 1000 companies leverage their existing infrastructure to help their employees and customers communicate more effectively and efficiently. In addition to hosting and producing a weekly AV and UC news program, he has contributed to several industry-leading publications. Timothy has lead industry discussions around the globe and is a highly sought-after moderator for his ability to bring the real-world uses into conversations and panel discussions.