Securing Digital Signage in the Age of Cybercrime

As the world becomes more digital, the concern around cybersecurity rises. It seems like retail businesses and financial institutions are falling victim to ransomware attacks and data breaches more frequently, highlighting the need for safety measure implementation.

According to Cybersecurity Ventures’ 2022 Official Cybercrime Report, “The global annual cost of cybercrime is predicted to reach $8 trillion annually in 2023.” Those that operate and offer digital signage systems and services are not immune but with the proper security measures, they can avoid disruptions and loss related to cybercrime.

“Digital signage has become an increasingly popular way for businesses to advertise and communicate with their customers, but with the rise of this technology comes the risk of cyberattacks. It's crucial for us as digital signage CMS providers to prioritize the safety of their networks and implement measures to protect our clients against these threats.” – Sean Law, Doohly CEO & Co-Founder

Why Cybersecurity Matters for Digital Signage

Outside of the obvious stolen and damaged data and the costs associated with loss and recovery, the Cybersecurity Ventures report lists other detriments of cybercrime, including:

• Lost productivity
• Theft of intellectual property
• Theft of personal and financial data
• Disruption to normal business operations
• Restoration and deletion of hacked data and systems
• Reputational harm

Because of the very public nature of digital displays, cybersecurity becomes even more essential. “Protecting the security and data integrity of a digital display system, and the broader network it may reside on, is extremely critical,” says Mike Sabia, client service group director at SNA Displays, a digital signage display manufacturer.

As Sabia mentions, both the physical signage system, as well as the content management software (CMS) and network used to run it, need to be considered when establishing security protocols for digital displays and messaging.

If not taken seriously, Pattabi Doraiswamy, vice president of R&D at Watchfire, an LED display manufacturer, says reputations are on the line. A security breach could mean a display is “hijacked,” showing inflammatory or illicit information, which could harm a business’s reputation or, in the case of out-of-home (OOH) displays, cause revenue loss or stolen advertising campaign data.

“A less salient but equally significant risk is inadvertently providing access to data, which could be sensitive company information, personal data, or any of the data associated with the display network,” Sabia explains. “All data networks without tight cybersecurity are susceptible to viruses and other malware.”

Cybercrime affects businesses small and large. For sign shops brokering digital signage services, these risks and costs matter to customers. If proper measures are not considered, the ramifications of cyberattacks could deter businesses from choosing digital signage as a messaging solution.

How to Prevent Digital Signage Hacking

So, how does one keep digital signage content and data safe from potential hackers?

To protect the data associated with digital signage, Sabia says methods vary depending on application, as well as the data sensitivity, but first and foremost, working with reputable content management providers who take data and content security seriously is a start.

Providers should have information on how often they audit and test their security protocols and what users and signage brokers can do to put themselves in the best position to prevent an attack.

Providers are also responsible for establishing secure connections, password hashing and salting, and encrypting content during transmission, according to Doraiswamy. Credit: Images courtesy of Watchfire

“Care should be taken to reduce endpoints, and intrusion detection should be in place,” Doraiswamy says. “Be sure that your provider offers physical security of the control system too, as this can be an overlooked step in ensuring that the client’s information is safe.”

Disabling USB access is advised, as well as setting up DNS filtering when appropriate. Both provide entry points for potential threats, according to Blane Zemunik, sales and marketing executive at Doohly, a software-as-a-service platform for digital OOH.

These points highlight the importance of asking questions when choosing a provider partner. Do they know the risks and vulnerabilities associated with digital displays? How are they protecting users, devices, and systems? How often do they revisit those protocols?

“IT security is a changing game every day, so owners and providers need to challenge their teams to ensure their systems are safe,” Sabia stresses. “Most content management platforms have regular release schedules to keep you up to date with patches. Software checkups and remote deployment are an essential part of managed services at SNA Displays.”

Doohly also stresses this point in a recent blog “The Basics of Cybersecurity for Digital Signage,” advising users and brokers to be aware of software’s “end of life” date. If software hits its expiration date, programming patches or changes will no longer be available, leaving a system open to vulnerabilities.

Digital signage servers allow users to control the content of a digital display from a remote location. To prevent hackers from gaining access, they must be connected to a secure network. Credit: Image courtesy of SNA Displays

For those managing and using a digital signage system, unique and strong passwords are also essential. Sabia says the most important thing is to change any default passwords, update them often, and enable two-factor authentication. Other typical protocol includes logging out of accounts and limiting user access to device systems and platforms.

“To achieve strong and secure passwords, it's recommended that you employ some sort of password manager and frequently change your passwords,” advises Zemunik. Additionally, when creating passwords, Doraiswamy says the longer, the better. Using words like “password” and “qwerty” or names and usernames in passwords is a no-no.

Other do’s and don’ts include updating passwords after any personnel changes and never writing down passwords and usernames in accessible places. “That’s like leaving your house key hanging outside by the front door,” Doraiswamy states.

When opening files, Zemunik stresses users to be aware of the source — is it trusted? This is especially true as “HTML packages/dynamic content continues to become more popular and widely used,” Zemunik explains. “This type of content can provide attackers with easy entry points, especially when they use external data.”

Advice for Wide-Format PSPs Breaking into Digital Signage

For printers looking to add digital signage to their list of offerings, sources agree cybersecurity for digital signage comes down to partnering with reputable providers who offer secure solutions.

Sign businesses need to research and review providers with the above concerns in mind — asking questions about network and data security and how they implement that into their software. If offering content creation and management services, brokers need the proper technical training and a basic understanding of IT security, including when to spot a phishing scam and how to build strong passwords.

As Doohly writes in its blog, it takes an entire organization to follow protocols. “Doing more is always the best approach,” Zemunik stresses. “You can never be too careful,” which is why he encourages businesses to lock down everything.

For a deeper dive into adding digital signage to your offerings, check out Integrating Digital Signage into Your Arsenal of Services.