Insider heard reports this week that a digital billboard in the northwest got hacked. We asked Formetco’s Jim Shimmin to talk about digital billboard security.

Jim, how do Independent Billboard Operators protect their digital billboards from being hacked?

The two most important things are Network Security and Password Security.

Network Security is going to help protect from external threats and Password Security is going to help protect from internal threats.

Most smaller companies don’t have an I.T. Department, how do they handle Network Security?

Great point Dave.  This is where they need to know that their digital billboard vendor is going to support them.  I set up all our digital billboards with a current Operating System and firewall. Content is pulled from a server by the player and has encrypted file names that must match. Best practice is to get the units off the Public Internet by using a Virtual Private Network.

What are best practices for passwords?

The OAAA Digital Committee has some great guidelines

  • Weakest link in most security models is the user and their password protection.
  • The largest risk comes from an internal source – someone who has been given access to the content system or the player(s) operation.
  • Most intrusion issues occur by username/password information that has been compromised.
  • The passwords should be a minimum of 8 characters and include at least three of the following character sets. Passwords should be changed at a minimum of every 6 months; every 60 days is better.
    • lower case letters (i.e. a-z)
    • upper case letters (i.e. A-Z)
    • numbers (i.e. 0-9)
    • special characters (e.g. !@#$%^&*()_+|~-=\‘{}[]:”;’<>?,./)
  • Passwords must not be able to be re-used for a minimum of 180 days

Are there any other important things you tell your customers?

  • Know who has access to the Content Management System, Internal and External to your organization.
  • What plan is in place to disable access in the event that it is necessary? Know in advance the steps required to disable access for a user.
  • In the event something does happen, know how to disable the structure remotely – (Smartlink is the best and fastest option).