Digital Signage Security: Why Aren’t We Talking About This?

Whether you realize it or not, digital signage has been hacked into over the past few years—either as a prank, for a cause, or for damage. It’s not always front-page news, but maybe you’ve heard some stories. Like the restaurant employees using a digital menu to play on their Xbox – while the restaurant was open. Or several instances of hackers casting pornography onto very public digital signs. Your reputation is at stake here.

So let’s talk about digital signage security. How do you ensure your digital signage remains safe and protected? Here are a few things to keep in mind as you develop digital signage security strategies:

Physical Network Access

While most of us think of hacks as a remote attack from literally anywhere on the globe, don’t neglect physical network vulnerabilities in your digital signage security protocols. Digital signage is inherently public, so first, keep all public players in a tamper-proof enclosure, ideally out of sight. Installing cameras to catch culprits in the act of attempting to do harm is another safeguard to consider. You will also want to make sure all PC ports and connections are secured. In order to prevent the boot order from being changed, protect the password on the BIOS.

Tests For Vulnerability and Other Standards

Hackers don’t quit after the latest software patches and updates are installed. They look for further vulnerabilities. That’s why testing for vulnerabilities needs to be regular and ongoing. It’s a good idea to combine 3^rd party assessments with automated code reviews – covering all the bases. Make sure you are working with a service provider who will bake testing and audits into service practices.

Wherever possible, you want to use applications that add a layer of encryption to data. With encryption, even if data is stolen, it is protected. Also, make sure that the solutions you purchase are using secure protocols. HTTP and FTP do not meet the mark for storing and securing critical information.

A worst-case scenario is hackers posting their unwanted content onto your digital signage. To remedy this, your provider should use software with client-pull technology, and disable listening on all ports. This will make it difficult or impossible for those who are not supposed to post.

Service Level Agreement

A Service Level Agreement (SLA) is a must-have for managing digital signage security. An SLA should give you as the client peace of mind by guarding against potential problems. Elements to look for:

• Ongoing support
• Guaranteed Uptime
• Timeframe for fixing problems
• Financial responsibility for losses caused by malfunctioning products or extended downtime.

It is not too much to ask your service provider to stand by what they install and the services they provide. A service agreement that spells these things out should be a source of reassurance for you and an understanding to your service provider that it is their reputation on the line as much as yours.

What is Your Threat Model?

One big question to ask yourself is, “who am I defending this installation against?”  The threat you defend against will determine the threat model. You will employ some strategies to ward off bored teenagers being a nuisance, and other strategies for more dedicated hackers, still others for a criminal enterprise who sees your signage as a prime target.

The solutions are not always simple, and as with any other endeavor, you get what you pay for. Shortcuts in the short run can lead to bigger headaches in the long run. Digital signage security is all about managing risk and managing reputation. With safeguards and protocols in place, the task should be manageable.