Daniel J SaitDon Gibson, Chief Information Security Officer, at AV integrator Kinly, underlines the importance of AV with cybersecurity in the workplace.
Hybrid work has firmly cemented itself in the modern workforce. As such, AV systems have become critical infrastructure for today’s businesses. Seamless video meetings, cross-border collaboration, and reliable remote connectivity are now viewed as essential components of productivity.
But as these technologies embed deeper into the digital workplace, the line between AV, IT, and cybersecurity is blurring fast. Remote working environments have amplified this convergence, introducing new threats that businesses must urgently address.
The rise of ‘Shadow AV’
Kinly’s recent Trusted Connections 2025 report highlights a growing and largely underappreciated security gap: the rise of ‘Shadow AV.’ As hybrid and remote work models continue to evolve, employees are increasingly relying on personal devices – from webcams to headsets to entire conferencing setups – that fall outside of IT’s visibility and hence, control. These personal devices are slipping into corporate environments unchecked, introducing unmanaged endpoints that bypass traditional security protocols.
Our research found that nearly half (49%) of enterprises are already struggling with this issue. With personal devices connecting to corporate networks both at home and in-office, many businesses admit that securing equipment outside of core office spaces is harder than ever. In some cases, these unmanaged devices are actively undermining remote work strategies, with three in five (57%) enterprises finding it difficult to secure devices used outside the office, exposing new gaps in existing security frameworks
The risks go far beyond personal inconvenience. Unmanaged personal devices can pose serious cybersecurity risks, potentially leading to, GDPR violations, NIS2 compliance breaches, and intellectual property theft. During our research, Kinly has found ways to utilise such devices to launch unapproved software – in the worst case, that’s another potential way malware (including ransomware), could be introduced into your environment.
AV systems as a vulnerable entry point
Many organisations still fail to recognise that AV systems themselves are a key part of the enterprise security perimeter. AV is no longer just about facilitating meetings; it’s about transmitting large volumes of sensitive audio, video, and screen-shared data. Conversations held over video calls often contain confidential commercial information, private client data, or regulated personal information. Yet, AV streams can be unencrypted, particularly within corporate networks where devices are mistakenly assumed to be ‘safe.’
Even in highly secure environments like law firms or financial institutions, unencrypted audio streams within office boundaries are vulnerable to eavesdropping. If threat actors intercept these streams, whether by exploiting weaknesses in mute functions or unprotected microphones, they can gain access to highly sensitive content.
Beyond the content itself, the infrastructure behind AV systems, including communication rooms, soundbars, video cameras, and switching hubs creates a complex web of interconnected IoT devices. These endpoints could serve as entry points for attackers to pivot through corporate networks, increasing the risk of persistent access to wider IT systems.
Building a secure AV strategy
Securing AV networks requires a multi-layered approach that blends technology, policy, and user behaviour. Solutions with built-in security features such as end-to-end encryption, multi-factor authentication, and network segmentation should be treated as a priority.
Encryption is particularly critical. In our research, we found that while the large majority of enterprises say their in-office AV equipment is protected with strong encryption, that number falls significantly for remote and personal setups. This gap needs to close if businesses are to confidently protect sensitive data across hybrid environments.
Proactive device management is equally important. Every AV endpoint, whether it’s a video bar, microphone, or control system, should undergo rigorous security assessments and device hardening. Many of today’s AV devices are, in effect, mini-computers running operating systems that are just as susceptible to malware or hacking as laptops or mobile phones.
Password management is another frequently overlooked risk. Default credentials on AV equipment offer a low-hanging fruit for attackers. Enterprises should enforce complex password policies, adopt centralised credential management, and restrict administrative access to authorised personnel only.
The human factor
Of course, no security strategy is complete without considering the human element. Regular employee training is essential to reinforce best practices, whether it is recognising phishing attempts, reporting unusual device behaviour, or understanding acceptable device usage policies. This is especially true in hybrid environments, where home networks may lack the firewall protection or intrusion monitoring found in office settings. Educating employees on how their personal devices could inadvertently expose the business is key to closing critical security gaps.
With remote working as standard practice now, AV professionals and IT leaders must work hand-in-hand to secure this rapidly expanding digital perimeter.
AV networks are no longer isolated from core IT infrastructure; they are deeply integrated and equally vulnerable to threats. By adopting a layered approach that combines secure device management, robust encryption, strict access controls, and strong user education, organisations can protect not only their data but also their reputation, client trust, and long-term operational resilience
The mission for the industry is simple: bring people and technology together, securely and seamlessly, wherever work happens.