mobile image
October 30, 2018

The Top 3 Misconceptions About Cyber Security & Access Control

If you don’t think cyber security is an issue today you are dead wrong. But even if you think you are on top of things, chances are you — or your customers — still harbor some misconceptions, particularly when it comes to access control systems.

According to Terry Gold, founder of D6 Research, a research and consulting company dedicated to cyber security and the physical security industry, there is still a lot the security industry gets wrong, particularly when it comes to understanding actual hackers and their motivations and methods. (See online exclusive, “Think Like a Hacker to Better Understand Cyber Security.”) But he has seen promising movement.

“D6 Research has been seeing a slow but progressive change in sentiment over the past couple of years,” he says. “I sense a movement where 2018 is the year of the security industry to reach consensus that it’s no longer acceptable to be dismissive of cyber security.”

It is a progression, agrees Bill Bozeman, CPP, president and CEO, PSA Security Network, Westminster, Colo. “Originally when we started on our soapbox, it was denial. Now we are past that stage, which is good…. Everyone became aware simultaneously that this is an issue and now it is in the action level. We have gone from denial to awareness to action. We are much better off now than two years ago.”

Despite this, there is still a perception in the security industry that access control is somehow a little less at risk — and that is just not true, say the experts.

“Access control is generally one portion of an organization’s comprehensive protection plan that incorporates additional pieces, such as fire, intrusion, video surveillance and video management, to name a few,” says Eric Widlitz, vice president, North America sales, Vanderbilt, Parsippany, N.J. “However, the safety of a business is only as strong as its weakest link.”

Let’s take a look at some of the top misconceptions, with some advice for each.


‘Access control systems aren’t as vulnerable as, say, video. You don’t hear about access control systems being hacked but video surveillance vulnerabilities are all over the news.’

Many people have this impression, but while it may seem that way, it’s simply not the case.

Ryan Zatolokin, business development manager, senior technologist, Axis Communications Inc., Chelmsford, Mass., says in some ways access control systems can even be more vulnerable because video systems historically get changed out for newer models more frequently than access control systems. “It is a misconception that video is more at risk. All networked devices are at risk…. Not one is inherently more at risk than the other. The concerns with access control are the same as with video — those older systems that aren’t maintained. [But] there are legacy access control systems running today that may have a Windows 95 box actually controlling a board in the closet. That to me is scary.” Legacy systems are very vulnerable, says Matt Barnette, president, Mercury Security, part of HID Global, Long Beach, Calif. “All of these panels are network devices so by default if you are installing it on the network you are potentially opening up a gateway for someone to hack in.”

Even that might not be enough, Gold cautions. “One of the biggest misconceptions is that cyber security is primarily about network security. This is only one aspect; there are many others not even related that can undermine everything. Even if a network is completely secure, once someone gets in, then what? Strategy needs to have depth in so many areas. Attackers know this.”

Derek Arcuri, product marketing manager, Genetec Inc., Montreal, agrees. “We hear people saying, ‘So what if someone hacks my IP connected lights or HVAC? They will make my lights turn off? Big deal.’ It is a big misconception that the technology in question is the only victim. In reality it is everything that is connected to that system. Think of the entire network in terms of every single server or edge device that comes in contact with that access control system.”

Access control has been an afterthought, but that is changing, says integrator Colin DePree, sales manager, Pro-Tec Design, Minnetonka, Minn. “We are a lot further along on cyber security from the video platform perspective, but now we are starting to see OSDP and cloud-based access platforms that are forcing us to understand cyber hygiene and having those conversations [on the access control side].”

Pick the Right Partners — & Be One

When it comes to making sure access systems are as secure as possible, start by finding the right manufacturing partners, says Mercury’s Matt Barnette. “Make sure you are partnering with companies that are taking it seriously and providing you not only with products, but knowledge on how to secure them.”

Farpointe provides cyber security tools such as vulnerability checklists, but it goes beyond that, says Scott Lindley, president, Farpointe Data, Sunnyvale, Calif. “Farpointe Data sees its most important challenge as helping integrators stay in compliance with cyber security law. For instance, the FTC has decided it will hold the business community responsible for failing to implement good cyber practices and is now filing lawsuits against those that don’t.”

Several manufacturers today provide penetration test results as well as offer cyber-hardening guides and other documents on how to install their products in a cyber-hardened way.

But Northland Controls’ Henry Hoyne also cautions integrators to do their own due-diligence when picking products and manufacturers. “People think something is secure because the manufacturer says so, as opposed to asking for whitepapers and independent penetration tests. It is simple for any manufacturer to conduct their own pen test and possibly misrepresent their findings.”

D6’s Terry Gold agrees. “Revamp how you generally accept information and assertions made by manufacturers. Raise the bar for them to provide information that validates their claims. Trusting them is not the same as trusting their claims about their product. From a cyber security standpoint of your customer, you’re accountable for the latter.”

But it is definitely a two-way street, Barnette says. “We have taken a number of steps that include paying for third-party independent testing.… But just because we put features into a product, those still have to be enabled when installed on a customer’s site. Installers need to know how to turn on certain features and configure them on a customer’s network. Otherwise they can be an open door for a hacker to get through if the products being installed aren’t protected.”


‘I understand cyber security is a big deal, but it is really more the manufacturer’s/ end user’s/IT department’s responsibility than it is mine.’

Cyber security is not a one-stop problem/ solution. “Both end users and integrators tend to think it is someone else’s problem,” Zatolokin says. “They might think IT is taking care of it, or the security department is taking care of it. Often there is just not enough communication around this.”

Sometimes it is a matter of not knowing what you don’t know, DePree says. “There can be a lack of urgency or knowledge of what we can do and how we can improve. Sometimes it is an over-reliance on the manufacturers, thinking it is their equipment so it is their responsibility. In reality it is all of our responsibility.”

DePree adds that the real problem is communication. “There is a partnership needed between the customer, the integrator and the manufacturer. If every single one is doing their part in cyber security, it can work. But if the manufacturer says they are doing their part yet they are not communicating or teaching or training the integrator on what they should be doing; or the integrator says they know about cyber and they put the best-rated access control system on, but don’t know what settings they should be using; or on the customer side they say they are just putting access control in and their network is secure, then all three think they are doing a good job, but in reality there has to be continuity and communication through all three of those layers. It has to be a cooperative effort.”

Have the Right Conversations

Axis Communications’ Ryan Zatolokin advises integrators to go in asking the right questions. “Ask the customer, ‘Do you have an IT department? How involved are they? Do you have an IT policy? Does it have to be applied to the access control system?’”

This is both a priority and a challenge for Northland Controls’ Henry Hoyne. “When it comes to the clients, sometimes the biggest problem is not getting to the IT group early enough.”

Pro-Tec Design’s Colin DePree agrees. “If we are not dealing with the IT team at the time of sale, we require and mandate that we have access to them. We need to communicate that these are the devices, here is what the network looks like and the data that will be going across it.”

When it comes to talking to end users, the more specific the better, says D6’s Terry Gold. “Have each client define their cyber security goals. Avoid generalizations like ‘high security’ because this is subjective. Instead, define them by outcomes and results, such as specific scenarios that will be prevented.”

The integrator’s role in the cyber security equation is often to be the conduit between the manufacturer and end user, ensuring that both hardware and firmware are kept up to date, and working closely with the end user to plan ahead for future purchases toward their ultimate cyber security goal.

This includes the integrator taking on the role of ensuring that updates occur, Widlitz says. “You can’t simply install a solution, then walk away. It’s important to educate the customer on the possible vulnerabilities that exist within any system and the proper protocols needed to continuously update the software and firmware to avoid such threats.”

DePree adds, “We believe updating firmware is the single biggest thing our industry can do; but sometimes we are not doing it because the client is pushing back. Five years ago firmware updates had to be something new to get value. Now those are just as important to fix any bugs, leaks and vulnerabilities.”

Legacy access control systems, in particular, are a place where integrators really need to step up, PSA’s Bill Bozeman adds. “Be on top of the latest changes and upgrades in software, and make sure the end user is up to speed. It is their responsibility to bring it to the attention of the end user and the manufacturers to provide it.”


‘Cyber security is so complicated I don’t know where to start or what to do. Alternatively, there is a magic solution and I just need to find it.’

Many security integrators are so overwhelmed by the issue of cyber security they truly don’t know where to start; while others see it as a problem that can be “fixed.” Although there is no doubt that the issue of cyber security is real and complex, there are always ways to tackle tough issues.

“Sometimes people want something that will solve all their problems,” Zatolokin says. They want some specific magical feature that will make that system secure or a magic box you can put on a network to make it secure.” He has also seen the opposite reaction.

“When I talk to IT background people it is a short, concise conversation. If not, it could be a sky-is-falling conversation. Every risk can be mitigated.”

Widlitz says, “With cyber security, you must act everyday. It is not something where you can say, ‘We’re safe; we’re secure; let’s forget about it.’”

Start Somewhere

It is a very old saying, but, How do you eat an elephant? One bite at a time. The best advice on where to start is to start somewhere.

PSA’s Bill Bozeman advises starting with insurance — but not just any insurance. “It is unlikely it will come from an existing provider because it is rare that their offering will be adequate. We recommend our integrators go to a specialist that really understands.” (See “When All Else Fails— Why Cyber Liability Insurance Matters,” exclusively online at: why-cyberliability-insurance-matters .)

Simultaneously he suggests picking someone and putting them in charge of the effort. “Someone needs to take responsibility; someone needs to be in charge who wants to study the problems, go to the sessions, and get their arms around the issue for their company.”

Bozeman describes a three-step process for any company: “Look inward, then look to the customer, then look for opportunity.”

While this is good advice, Henry Hoyne of Northland Controls also cautions integrators to get to the point as quickly as possible where someone in the organization specializes in cyber knowledge. “It is unrealistic to assume your current IT team has the ability to address all things cyber. That requires specialized knowledge.”

Genetec’s Derek Arcuri suggests integrators settle in for the long haul and prepare to grow the solution over time, while making sure not to overdo it. For example, air-gapped networks are a good start, but they aren’t enough. Yet there is a danger of also going the other direction and doing too much.

“You don’t want to over-complicate it to the point you can’t keep up,” he says. “You can’t over-secure your network if you can’t maintain that philosophy. For example, you could segregate the network and secure everything in the architecture; then a few years later a younger manager takes over IT, decides it looks so complex and cleans it up. All of a sudden a waiting virus is introduced.”

Terry Gold of D6 doesn’t sugar coat anything, saying that cyber security is extremely complicated and many in the security industry don’t yet have an idea of how secure they really need to be. However, he notes that the security industry is not a pioneer in the wilderness.

“The good news is that there’s much to learn from the journey that IT went through starting 20 years ago. One of those lessons is that security is a set of principles and practices, not a product or specification. So the journey for any organization needs to start there, then translate that into physical security.”

mobile image
October 23, 2018

Education Technology Insights names Pro-Tec Design a Top 10 Security Solutions Provider

The rapidly changing technology landscape has manifested security vulnerabilities on educational campuses in ways previously
unimaginable. While educational institutions have always been a safe haven for students, shielding young minds from the negatives of the outside world, the recent school tragedies underscore the imperativeness of campus security in the education sector. “When it comes to securing educational campuses, the primary challenges are often budgetary constraints and changing technology and regulations,” begins Eva Mach, a proven expert in finance, operations, and entrepreneurship.

Eva believes that in order to make the world a safer place, the education sector must establish a system that can protect students and staff while also being welcoming to its visitors and open to the community. As the President and CEO of Pro-Tec Design, her weapons in this battle are Pro-Tec’s powerful security solutions that accomplish their mission of protecting clients with technology and staying true to their core values. Pro-Tec Design, a 100 percent employee-owned company, takes a holistic approach to drive unparalleled protection for teaching institutions—whether K-12 or higher education—through its wide range of reliable and high-performance security solutions. “Being an early adopter of IP video and with 26 years of specialization behind us, we are a purpose-driven company committed to protecting our clients with technology,” says Eva.

Pro-Tec is recognized across the U.S. as a trusted advisor for delivering proactive security solutions, in line with the latest technology advancements.

To ensure a safer environment at K-12 schools and college campuses, Pro-Tec’s solutions cover everything from visitor management, access control, video surveillance, centralized intercom communications and more. Their visitor management solutions allow establishing a more secure learning environment while preserving the open, inviting culture for visitors. The company partners with premier manufacturers such as Lenel, Milestone Systems, Avigilon, Honeywell and Bosch emphasizing open system architecture to provide access control and video management solutions that empower clients with the flexibility to custom-fit security parameters based on their unique requirements. Pro-Tec also maintains strong relations with Axis and Panasonic for cameras and Feenics Systems for managed services access control services. Understanding the need to ensure impenetrable safety alongside budget constraints within the education sector, “Pro-Tec works hand in hand with the security directors/principals of the client institutions to assess their vulnerabilities. This helps us to craft the best security solutions at the best price point, whether it’s securing vestibules or the entire campus,” explains Eva.

What makes Pro-Tec second to none is their commitment to continuing education and learning to deepen their knowledge in industry-specific business and regulations issues. The company helps clients prioritize their security needs based on an initial risk assessment and guides them to install complex technologies in line with their business drivers. Pro-Tec brings to the table its numerous years of experience and proven expertise in securing clients from various industries including manufacturing facilities and airports allowing for cross pollination of ideas and solutions. To ensure seamless onboarding, Pro-Tec’s dedicated project managers assist clients with pre-deployment bench test, training, and required system updates. The solutions are complemented by a 24/7 helpdesk that assists with software updates and bug fixes, along with full warranty support during the warranty period. “We start with a risk assessment and then develop a solution for each client, which is followed by our proven process for installation, recommendation, and the support services that help clients to identify future changes. We go beyond just delivering security solutions to craft the best fit for the client’s environment on a limited budget,” illustrates Eva.

Pro-Tec continues to follow its core value of lifetime learning in order to keep pace with technology by investing and training in-house employees. They currently boast a nation-wide reach through its partner network and plan to expand its consulting and design and managed service offerings into the manufacturing and healthcare verticals.

mobile image
July 10, 2018

Cloud Based Access Control Podcast Pro-Tec Design and Vector Firm

Jill Bartyzal one of our business relationship managers had an educational podcast with Chris Peterson at  Vector Firm to talk about security trends with the Cloud. She focuses on how Feenics is the headliner for a cloud based card access system with mobile applications and custom solutions. 


Today I’ll be talking about a current security trend, Access Control in the Cloud. More and more companies are moving their systems and data to the Cloud so this is the perfect time think about moving your Card Readers to the Cloud with Feenics Keep. Open platform controllers, Open architecture SDK to build it yourself, Open Integrations… future-proof and protect your investment with elegant, modern technology. Pro-Tec Design is ready to demo Feenics anytime, anywhere– with Cloud it’s easy!   #design #protection #integration #accesscontrol #cloudsecurity

Click the link below to listen!

mobile image
May 23, 2018

Lenel/ Milestone Integration Happy Hour

Join us for a peer-to-peer event at Pro-Tec Design on May 23, beginning at 3:30pm. We’ll have senior technology representatives from Lenel and Milestone on site to help you identify the security and efficiency benefits of integrating your systems, as well as a live demo in the Pro-Tec Design Lab. See for yourself how single-face Integration can improve your security processes.


Get personal insight from the pros, ask questions, demo the technology, tour PTD’s lab and sample appetizers and libations in a casual and informative atmosphere. Alex Conrad from Milestone and John Bohr from Lenel will be available to guide you through the integration process, along with engineers and   technical representatives from Pro-Tec Design.


We’ll have TWO winners – Those attending will be eligible to win one of two free integration licenses.


RSVP quickly, space is limited. or



Wednesday, May 23

from 3:30 pm – 5:00 pm







mobile image
October 26, 2017

Designing Safer Schools with PASS

Protecting your students and staff is a big responsibility, and an increasingly complex undertaking. Security technologies and best practices are evolving quickly in response to changing risk factors. With lives at stake, you need to stay ahead of the learning curve – and we’re here to help you do that.

Join us for a morning of learning and networking, as we explore “what’s next” in school safety. Hear from industry leaders who are setting the standards for security excellence, and discover how local districts are responding with leading-edge solutions that establish safer learning environments.

Featuring guest speaker and keynoter, Guy Grace, director of security and emergency planning at Littleton Public Schools, presenting: Our Schools Have Changed Forever. Mr. Grace will share data and stories from his own school district, together with advice gained from firsthand tragedy.

Additional presenters from NSCA, Pro-Tec Design, and our district clients will cover topics central to your security strategy, including:

  • Understanding K-12 Security Standards, as defined by PASS: Partner Alliance for Safer Schools
  • Constructing a Security Roadmap, and strategies to secure funding
  • Practical vs. theoretical risk: Where to focus first for greatest impact
  • Best Practices in school safety: Real-world case studies of local districts who are leading the way



9:00am – Registration & Coffee
9:15am – 11:30am – Program / Presentations
11:30am – 12:00pm – Networking Lunch



Guy Grace [Keynote]
Director of Security & Emergency Planning, Littleton Public Schools

Presenting: Our Schools Have Changed Forever

Mr. Grace will discuss the unique risks schools face each day and best practices to help make them safer. His presentation will include data and stories from his own school district, together with advice gained from firsthand tragedy. He will cover internal and external communications, technology usage and staff training, reunification practices, prevention techniques, methods of risk mitigation, parent and student involvement, drills and implementation methods.

Chuck Wilson
Executive Director, NSCA

Presenting: Assessment and Design for Improved Security Measures

Mr. Wilson will cover the history of the PASS K-12 guidelines, the top threats in K-12, technology trends and integration methods, taking a layered approach to schools safety, the TIER continuum approach, code issues and compliance, research on technology costs and funding models, and shared success stories.

Colin DePree
Sales Manager & Employee Owner, Pro-Tec Design

Jenn Ribar
Business Relationship Manager & Employee Owner, Pro-Tec Design

Register for your seat today!

mobile image
August 1, 2017

Help Desk Launch

Now Open

Pro-Tec Design HELP DESK

Here to give you easy access for the following:

Quick answers to minor programming issues

Troubleshooting system software before making the call that service truck is needed onsite

Help with setting up Holiday Schedules, Access Levels or New Users

Ability to Remote Connect to customers computers for advanced troubleshooting or software training


Monday through Friday 7:30 am to 4 pm (excluding Holidays)

How to contact:

Phone: 763-553-1297



mobile image
December 5, 2017

Minnesota Government IT Symposium

Join us for the 36th Annual Minnesota Government IT Symposium on December 5th through the 7th at the St. Paul RiverCentre.

The Government IT Symposium brings together over 1,000 IT leaders and professionals from across the spectrum of government agencies and systems, along with their private and civic sector partners, for three days of engagement, inspiration and information.

mobile image
October 2, 2017

MASA Association Fall Conference

masa logo

The Minnesota Association of School Administrators (MASA) is a private, nonprofit member service organization representing more than 900 educational administrators throughout Minnesota. Our members include school superintendents, directors of special education, curriculum and technology leaders, central office administrators, and higher education administrators and professors. In addition to our active members, MASA also serves over 250 retirees.

Join us at their fall conference!

mobile image
July 1, 2017

Did you know you can open a door with your smartphone?

Whether you have the original 125KHz proximity technology, smart cards, or biometric readers, we can help you transition into a mobile-credentialed platform. There are many different options to consider, and the transition can occur in many ways. Let us help you successfully transition and deploy this new and exciting technology!

mobile image
June 24, 2017

There’s a better way to manage your keys!

Access control is great for tracking and managing entry through doors, but what about the doors that only use keys? With products from Traka, you can securely store and manage access to keys or anything else that can go on a key ring. Best yet, you can control them with all of the same features of your access control system such as:

  • Allow access to only certain keys for certain people
  • Allow access to certain keys for only specific times of day
  • Set curfews on keys so they aren’t out too long
  • Send alerts when keys are out too long