What Businesses Need to Consider When Buying a Security Camera System

Video surveillance was once the domain of just a few industries. But successful companies are increasingly recognizing that it makes sense to have a 360-degree view of their operations, 24 hours a day.

For most organizations, the benefits in terms of security, safety and risk management easily outweigh any minor downsides. So, for those planning to purchase a security camera system, the first question is: where do you start?

Assessing Your Setup

The best place to begin is by assessing your current setup. For startups or organizations without a pre-existing installation, this part is easy. But for the majority, this will mean understanding the drawbacks and pain points of the system that you are already using.

The most common issues often center around old, outdated technology reliant on software that feels decades old—and might actually be. Many systems also depend on ancient devices equipped with finicky cables and glitchy quirks that require unique, aggravating workarounds. Others may be utilizing something from this century, but still find that the solution fails to adequately meet their needs.

Video Security Goals

After assessing your current system, the next step is identifying your video security goals. These objectives can vary significantly from firm to firm and sector to sector.

For many, the main video security goal will be monitoring entry/exit points and detecting any suspicious activity. Others will be using cameras more for identification purposes. And some will be primarily concerned with observing customers and personnel, or merely maintaining archival footage—for compliance purposes or in case they ever need to defend against a lawsuit.

These objectives can help determine the needs of your installation, including where to place cameras, what type of on-site monitoring is required and who can remotely access real-time footage.

Operational and Technical Requirements

The next item to consider is the system’s operational requirements. Again, some of this will depend upon your goals, such as who has access to recordings and in what ways. But there are other factors to weigh as well. For example: how will the footage be stored and for how long? Depending upon the facility’s location and what industry you operate in, there may be federal, state, or local regulations that answer this question for you.

Technical questions should also be asked. What type of connectivity does the location have? Are the bandwidth and transfer speeds sufficient to move the amount of data associated with video recording? Should you use a cloud-connected system that doesn’t demand high-speed connections, can deal with outages and is able to function optimally on an unreliable network?

Available Resources

Once this is all understood, you need to look at your resources. For many enterprises, this will unfortunately be a determining factor. The scope and scale of a security camera system often depends upon the organization’s budget, available personnel to set up the system and time required to finalize the installation.

It is important to comprehend both the upfront and ongoing operational costs when setting a budget. A cheap initial setup can often prove more expensive (and infuriating) in the long run, due to the time and number of employees needed to maintain your system. So remember: The technology and primary installation themselves are only part of the total cost of ownership that you will pay over the full lifecycle of any security camera system.

Scalability and Long-Term Viability

Alongside these considerations are other underlying implications for the solution over time. First of all, how scalable is it? If you expand or add another location, how easy will it be to extend the current surveillance system and protocols? Growth is a primary goal of almost every enterprise, so you should be thinking about this from the outset.

Then there is the matter of training. How easy will it be to hand off the oversight of the system to a new CTO or bring new IT staffers up to speed about ongoing operational requirements? All too many companies have an old or overly-complicated structure that works fine now—until Steve The Tech Guy retires and there is nobody left in the organization who knows how it works.

Getting Your Best Security Camera System

Almost every business needs some level of video security. In many cases, that just means a few cameras, a central monitoring solution and storage capability. Others will need to establish a true enterprise-wide system across dozens—or hundreds—of locations.

No matter where on the security spectrum your organization is (or would like to be), you will benefit greatly from taking the planning stage seriously. Whether you’re upgrading an entire legacy system or plugging in a camera for the first time, pay close attention to all these factors. Doing so will save you both time and money, and ensure that the solution you select will be perfectly suited to the needs of your business.

Want more expert advice to help you find your ideal solution? Check out our latest eBook, How to Choose the Right Video Security System for your Organization.

How Security Buyers and Vendors Can Create an Effective Partnership

Two Persons Hand Shake

Security buyers and sellers need each other. But when both parties don’t approach the relationship in the right way, it can become problematic. Buyers aren’t sure what solutions are right for their business. Vendors have the challenge of helping buyers understand their products, without scaring them off.

Filip Kaliszan, Co-Founder and CEO of Verkada, recently shared his insights on this topic in a CISO Security Vendor Relationship webinar. Here’s a quick look at some of the highlights.

What makes buying and selling security products so difficult?

A variety of elements contribute to the complexity of the security marketplace. First, there are so many different products. Security is a hot topic and plenty of companies are jumping into the space. So, there are almost as many vendors out there as there are products. This makes determining which of these are worthwhile, and eliminating those that aren’t, challenging.

For vendors, one of the main challenges is that security and its associated concerns are constantly evolving. Just a few short years ago, cameras were everywhere, but anxiety about them was lower. People weren’t thinking as seriously about privacy and the consequences of how data is captured, stored and moved. Today, there are more conversations about these topics. Organizations want to better understand who has access to surveillance recordings, when they are being accessed and what purposes they are being used for. This makes it critical for vendors to address these concerns as part of their sales process.

What tactics should vendors avoid when selling their products or solutions?

There are many different approaches vendors can take to sell their products or solutions. However, across the board, there are some methods that are generally not well-received. One popular, but ultimately ineffective, way to sell security solutions is with fear tactics.

Selling fear is a major turn off in the CISO community. The danger of using it as a selling strategy is that your message simply becomes noise. Buyers learn to block out these techniques because they don’t speak to actual needs. There are some instances where using fear can be appropriate. However, it shouldn’t be where the conversation begins.

Filip discussed his stance on this topic by saying, “There are certainly compelling events within organizations that drive decisions and often those compelling events are very scary things that happen in the physical world. We generally stay away from using fear tactics and techniques to drive our sales. We don’t think that’s an effective approach.”

Instead of using fear tactics, vendors should focus their attention elsewhere. Some start with a conversation about other aspects of the industry. Opening a dialog about the state of the industry, privacy and video surveillance is powerful. This increases trust with buyers by driving the conversation forward. Many of the most successful vendors choose to highlight how their products and solutions can impact the buyer’s business in quantifiable ways. Regardless of the specific approach, vendors should endeavor to share their insights, as opposed to pushing the fear and doubt angle.

Woman Sitting in Front of Man

How can buyers be confident when choosing their security products?

There are different contingencies involved for each organization that purchases a security product. Some have concerns about the physical placement of cameras. Others are more concerned with the IT aspects. Ultimately, buyers need a vendor to provide a security product that satisfies both physical and cyber security standards.

How can vendors build trust and create partnerships with potential buyers?

One way that vendors can build trust is to be transparent with their buyers. Let them dive deep into the technology and identify possible use cases. The more that a buyer is able to understand about what the vendor offers and how the process works, the more likely they are to choose that solution or product. From there, one happy customer can have a big impact. As buyers share what has worked for them, word spreads about the vendor and new accounts start coming in.

In order for buyers and vendors to have a successful partnership, the focus should be on approaching problems collaboratively. This way, the buyer is having their needs met. In turn, this gives vendors the opportunity to solve problems, show their value to buyers and improve their products.

There are many factors that go into developing effective partnerships. Even though it can sometimes be challenging, creating opportunities for cooperation is a worthwhile endeavor that can ultimately reward both parties. Buyers and vendors should aim to stay open to connecting with each other in order to solve the real-world problems that come with making and keeping our world secure.

Want to find out more about how buyers and vendors can work better together? Check out the Building Effective Partnerships Between Security Experts and Security Vendors webinar to get more insight on this topic and the state of the industry.

3 Ways to Hack CCTV Cameras (and How to Prevent It from Happening to You)

Though advances have been made in recent years, many CCTV cameras remain troublingly vulnerable to attack. Malicious actors have developed a wide range of techniques to circumvent security protocols and gain access to surveillance systems.

Some use very simple exploits (that take mere minutes), while others prefer more sophisticated intrusions (that infiltrate even hardened systems). Though their methods may vary, talented hackers can make their way into your network. Once inside, they can watch the world through your cameras—or potentially even take control of them.

Raising the bar on security is the whole point of installing CCTV cameras in the first place. So, these vulnerabilities largely defeat the purpose of investing in a surveillance system.

The entire industry received a wake-up call to this reality following the revelation in 2017 that more than half a dozen Hikvision brand cameras were being accessed through a backdoor password reset flaw.

The problem created embarrassing headlines (the hashtag #hakvision circulated on social channels). And ICS-Cert, an agency within the U.S. Department of Homeland Security, characterized the vulnerability as “remotely exploitable” with a “low skill level to exploit.”

Despite this incident raising overall awareness, many organizations are still woefully behind when it comes to safeguarding their camera systems. To better prepare, all enterprises should understand the following three methods that are among the most commonly used by criminals to gain unauthorized access to CCTV cameras.

Hack Method #1: Default Password Access

Anyone looking to break into CCTV cameras can start by simply looking for its IP address online and logging in. By using engines such as angryip.org or shadon.io, they can obtain that signature information and begin trying passwords that will grant access to the camera or, if a router is attacked, the entire system,.

In theory, this should be difficult. But the shocking reality is that these passwords are often identical to the default factory settings provided by the manufacturer. In the case of the Hikvision hack, it was known to be “12345” with a username of “admin.”

Changing default passwords should be a no-brainer in this day and age. So the lesson here is to not overlook the small details. All the firewalls and hardened network protocols in the world won’t help if an unauthorized user can simply log in with a commonly-used or factory-set password.

Hack Method #2: Find the User ID

When CCTV cameras are harder to breach, malicious actors can instead look for the user ID. This was easy to find in a cookie value for Hikvision. Hackers could then reset the account to take over and have full run of the device—and perhaps the whole system.

“While the user id is a hashed key, we found a way to find out the user id of another user just by knowing the email, phone, or username they used while registering,” wrote Medium user Vangelis Stykas earlier this year even after Hikvision had worked to fix its known flaws.

“After that,” the writer continued, “you can view the live feed of the cam/DVR [digital video recorder], manipulate the DVR, change that user’s email/phone and password and effectively lock the user out.”

Hack Method #3: Finding Command Lines

A key flaw in the Hikvision case was a “backdoor” command line of code in the system that granted admin-level access when exploited.

Once this became common knowledge, the Chinese company recognized and patched the flaw. The patch was then included in subsequent firmware updates for all its models with known vulnerabilities. Hikvision stated publicly that the code was a holdover from the testing phase, which developers neglected to remove before launch.

Despite all the press in the security community, many operators never bother to install the latest firmware. So, this flaw is an issue that even novice hackers will likely continue to leverage.

Understanding the Threat

Hikvision is not alone. But its failings showed that weak spots exist in even some of the most widely-used cameras on the market. This doesn’t mean that enterprises should simply change models and expect to be protected.

Constant vigilance mixed with security intelligence is a powerful combination. All organizations should look to bolster these critical components—both internally, and when it comes to partnering with companies worthy of their trust. By working with vendors that put security at the top of their agenda, you can rest easier knowing that the cameras in your facilities won’t be the subject of the next trending social media topic.

Many organizations are beginning to recognize that traditional CCTV technology simply isn’t built for this new, connected era. Forward-thinking companies are increasingly looking for revolutionary solutions to strengthen the safety and productivity of their operations. Using the latest technology standards to unlock the potential of computer vision, modern video security providers will be the ones that help their customers solve real-world business problems—today and in the future.

To learn more about the future of enterprise video surveillance, check out our latest eBook, which explores why security professionals are moving from traditional systems to hybrid cloud solutions.

Video Surveillance Laws: Video Retention Requirements by State

Given the falling price point, ease of use and increasing demand for constant surveillance, more and more companies are using video cameras for security. In some cases, organizations are required to.

Many industries across the United States are required by local or federal regulations to maintain visual security. And each of those rules comes with its own specific details. It can all get very confusing, but it is incumbent upon all affected organizations to know the applicable requirements.

From traditional areas (like banking and infrastructure) to higher-risk sectors (such as gaming and recreational cannabis), companies need reliable, modern video cameras. Depending upon the situation, footage from each camera often must be preserved for a specific amount of time.

Any company operating in a regulated area should check all the local mandates to ensure compliance. But the following overview of some of these laws can help any business operator understand the common requirements.

New York Video Retention Requirements: Banking and ATMs

While widespread surveillance has become more common over the past decade, banks are one area where consumers have long expected cameras to be recording all the time.

In fact, video monitoring is required by the Federal Deposit Insurance Corporation (FDIC), the body that insures money in most banking institutions against theft or loss. The organization does not go into great depth about specific mandates. But part of its requirement for each bank includes “maintaining a camera that records activity in the banking office.”

The state of New York has also established an overarching “ATM Safety Act” intended to protect individuals using cash machines. Its security measures include a provision that ATMs must have at least one surveillance camera that can record anyone entering a facility if it is located in a building or “all activity occurring within a minimum of three feet in front of an automated teller machine located outside a building.”

In both cases, banks that operate ATMs must retain this footage for at least 45 days, according to the New York Department of Financial Services. Any reported violations of this requirement must be corrected within ten days. After this time, the institution becomes subject to fines of $2,000 per day if no solution is made. These fines can escalate further if the violation is “intentional,” “performed knowingly and with a reckless disregard,” or there is “a pattern of violations.”

Nevada Video Retention Requirements: Gaming and Casinos

Nevada is the only state where casino gambling and sports betting are legal across all jurisdictions, and the state gaming commission requires casinos in all locations, from Sin City to Reno, to maintain video surveillance.

However, the restrictions on retention in these world-renowned gaming palaces are less stringent than some other industries in other states—seeming to prioritize privacy over long shelf life.

“All video recordings of coverage provided by the dedicated cameras or motion-activated dedicated cameras required by these standards must be retained for a minimum of seven days,” per state law. And the rule extends that timeline to 30 days for “recordings of detentions and questioning by security personnel.”

Some federal regulations also govern the industry. Specifically in terms of gaming operations on Native American reservations, the Department of the Interior mandates that a “surveillance system shall be maintained and operated from a staffed surveillance room,” which must be located so that it “is not readily accessible by either gaming operation employees who work primarily on the casino floor, or the general public.”

In terms of footage retention, all recordings must be preserved for at least seven days. And as in Nevada, footage “involving suspected or confirmed gaming crimes, unlawful activity, or detentions by security personnel, must be retained for a minimum of thirty days.” Operators also must maintain a video library log that demonstrates “compliance with the storage, identification, and retention standards.”

California and Colorado Video Retention Requirements: Cannabis

Given the stigma still facing recreational marijuana laws, states have taken precautions to ensure security within the industry. While some locations have a public that is very tolerant of cannabis, officials crafting the laws are keenly aware of the negative press and fallout that comes with any high-profile incident.

California has established strict laws across the board and requires any company operating in its legalized marijuana industry to have security cameras and retain the footage from those cameras for at least 90 days as part of an overall security plan that is reviewed and approved by the state’s Department of Cannabis Regulation (DCR).

The state also goes into more detail than most about the technical specifications required for recordings. The digital camera must record 24/7, at a minimum resolution of 1280×720 pixels and 15 frames per second, every day of the year.

Location is another factor that is covered. “Each camera shall be placed in a location that allows the camera to clearly record activity occurring within 20 feet of all points of entry and exits on the business premises, and allows for the clear and certain identification of any person and activities in all areas required to be filmed,” according to the state regulations.

Recordings are subject to inspection by the DCR. Any surveillance solution must also “be equipped with a notification system” that informs the operator “of any interruption or failure.”

While California is still new to the legal recreational marijuana world, Colorado’s laws go back the furthest of any state and helped set a standard. “All camera views of all limited access areas must be continuously recorded 24 hours a day,” says that law. “The use of motion detection is authorized when a licensee can demonstrate that monitored activities are adequately recorded.”

It requires companies to retain footage for 40 days and store it “in a format that can be easily assessed.” Recordings, with the date and time clearly displayed, must be stored in an archival system that “ensures authentication” of the footage as “legitimately captured” and with “no alteration.”

The state also mandates that, before selling an establishment, owners delete all retained recordings older than 40 days.

New York and Georgia Video Retention Requirements: Law Enforcement

There have been many high-profile, controversial incidents involving the use of force in recent years. With this in mind, police departments across the country are looking for ways to better ensure accountability. Body-worn video cameras (also known as bodycams), worn by officers of the law, have become popular nationwide. But there remains a heated debate about how to handle the footage.

New York City has established a six-month minimum on the retention of footage from bodycams by police officers—a duration that, due to concerns raised by privacy groups, was dropped from an initial one-year expectation.

Despite the privacy concerns of some experts, public surveys have suggested that citizens prefer a longer retention requirement. And as of last year, the NYPD was working under different requirements, depending upon the nature of the footage.

For any generic encounter with a member of the public (such as routine stops or witness interviews) video should be retained for six months, according to the latest policy. If the encounter was deemed “adversarial” this would be extended to 18 months. If there was a “use of force,” this becomes three years. Any footage pertaining to an arrest or civilian complaint would be retained until the case is fully concluded.

Georgia has set similar retention standards for police forces across the state, using a 180-day timeline for mandatory preservation. And recordings that are known to be related to incidents have those limits extended to two and a half years.

The state also has guidelines and standards for storage, security and recovery of any footage that is lost. Something it knows will be a challenge at small police offices that rely on “aging technology.”

“If police departments don’t allocate the resources required to manage their required use of body cameras, review footage to ensure compliance, and maintain storage and retrieval capabilities, then we could potentially create bigger problems in the aftermath of police shootings,” said Dan Beck, director of Local Government Risk Management Services (an agency within the Georgia Municipal Association), in a public statement.

Do Your Homework on Video Retention Requirements

These regulations represent but a few of the many rules governing the use of video surveillance in the United States. Whether you are operating in one of these sectors, or another highly-regulated industry—such as healthcare, insurance, energy, or infrastructure—make sure you are thoroughly prepared and informed.

As technology has advanced, so too have the specifications. Some standards are now very detailed and outline everything from camera location, to resolution, to video retention requirements. By knowing the rules in your area and using equipment and protocols that are up to the task, you can rest easier knowing that you won’t run afoul of the law.

Ready to become compliant with video retention requirements in your state? Evaluate hybrid cloud solutions like Verkada that make video storage simple and foolproof.

Learn more in this 3-min. customer testimonial, where the City of Parkersburg shares how Verkada’s security camera system has kept their town and residents safe.