The Top 3 Misconceptions About Cyber Security & Access Control
If you don’t think cyber security is an issue today you are dead wrong. But even if you think you are on top of things, chances are you — or your customers — still harbor some misconceptions, particularly when it comes to access control systems.
According to Terry Gold, founder of D6 Research, a research and consulting company dedicated to cyber security and the physical security industry, there is still a lot the security industry gets wrong, particularly when it comes to understanding actual hackers and their motivations and methods. (See online exclusive, “Think Like a Hacker to Better Understand Cyber Security.”) But he has seen promising movement.
“D6 Research has been seeing a slow but progressive change in sentiment over the past couple of years,” he says. “I sense a movement where 2018 is the year of the security industry to reach consensus that it’s no longer acceptable to be dismissive of cyber security.”
It is a progression, agrees Bill Bozeman, CPP, president and CEO, PSA Security Network, Westminster, Colo. “Originally when we started on our soapbox, it was denial. Now we are past that stage, which is good…. Everyone became aware simultaneously that this is an issue and now it is in the action level. We have gone from denial to awareness to action. We are much better off now than two years ago.”
Despite this, there is still a perception in the security industry that access control is somehow a little less at risk — and that is just not true, say the experts.
“Access control is generally one portion of an organization’s comprehensive protection plan that incorporates additional pieces, such as fire, intrusion, video surveillance and video management, to name a few,” says Eric Widlitz, vice president, North America sales, Vanderbilt, Parsippany, N.J. “However, the safety of a business is only as strong as its weakest link.”
Let’s take a look at some of the top misconceptions, with some advice for each.
ACCESS CONTROL IS NOT AS VULNERABLE AS OTHER SECURITY SYSTEMS.
Many people have this impression, but while it may seem that way, it’s simply not the case.
Ryan Zatolokin, business development manager, senior technologist, Axis Communications Inc., Chelmsford, Mass., says in some ways access control systems can even be more vulnerable because video systems historically get changed out for newer models more frequently than access control systems. “It is a misconception that video is more at risk. All networked devices are at risk…. Not one is inherently more at risk than the other. The concerns with access control are the same as with video — those older systems that aren’t maintained. [But] there are legacy access control systems running today that may have a Windows 95 box actually controlling a board in the closet. That to me is scary.” Legacy systems are very vulnerable, says Matt Barnette, president, Mercury Security, part of HID Global, Long Beach, Calif. “All of these panels are network devices so by default if you are installing it on the network you are potentially opening up a gateway for someone to hack in.”
Even that might not be enough, Gold cautions. “One of the biggest misconceptions is that cyber security is primarily about network security. This is only one aspect; there are many others not even related that can undermine everything. Even if a network is completely secure, once someone gets in, then what? Strategy needs to have depth in so many areas. Attackers know this.”
Derek Arcuri, product marketing manager, Genetec Inc., Montreal, agrees. “We hear people saying, ‘So what if someone hacks my IP connected lights or HVAC? They will make my lights turn off? Big deal.’ It is a big misconception that the technology in question is the only victim. In reality it is everything that is connected to that system. Think of the entire network in terms of every single server or edge device that comes in contact with that access control system.”
Access control has been an afterthought, but that is changing, says integrator Colin DePree, sales manager, Pro-Tec Design, Minnetonka, Minn. “We are a lot further along on cyber security from the video platform perspective, but now we are starting to see OSDP and cloud-based access platforms that are forcing us to understand cyber hygiene and having those conversations [on the access control side].”
Pick the Right Partners — & Be One
IT IS MAINLY SOMEONE ELSE’S PROBLEM.
Cyber security is not a one-stop problem/ solution. “Both end users and integrators tend to think it is someone else’s problem,” Zatolokin says. “They might think IT is taking care of it, or the security department is taking care of it. Often there is just not enough communication around this.”
Sometimes it is a matter of not knowing what you don’t know, DePree says. “There can be a lack of urgency or knowledge of what we can do and how we can improve. Sometimes it is an over-reliance on the manufacturers, thinking it is their equipment so it is their responsibility. In reality it is all of our responsibility.”
DePree adds that the real problem is communication. “There is a partnership needed between the customer, the integrator and the manufacturer. If every single one is doing their part in cyber security, it can work. But if the manufacturer says they are doing their part yet they are not communicating or teaching or training the integrator on what they should be doing; or the integrator says they know about cyber and they put the best-rated access control system on, but don’t know what settings they should be using; or on the customer side they say they are just putting access control in and their network is secure, then all three think they are doing a good job, but in reality there has to be continuity and communication through all three of those layers. It has to be a cooperative effort.”
Have the Right Conversations
CYBER SECURITY IS TOO COMPLICATED — OR TOO SIMPLE.
Many security integrators are so overwhelmed by the issue of cyber security they truly don’t know where to start; while others see it as a problem that can be “fixed.” Although there is no doubt that the issue of cyber security is real and complex, there are always ways to tackle tough issues.
“Sometimes people want something that will solve all their problems,” Zatolokin says. They want some specific magical feature that will make that system secure or a magic box you can put on a network to make it secure.” He has also seen the opposite reaction.
“When I talk to IT background people it is a short, concise conversation. If not, it could be a sky-is-falling conversation. Every risk can be mitigated.”
Widlitz says, “With cyber security, you must act everyday. It is not something where you can say, ‘We’re safe; we’re secure; let’s forget about it.’”
Education Technology Insights names Pro-Tec Design a Top 10 Security Solutions Provider
The rapidly changing technology landscape has manifested security vulnerabilities on educational campuses in ways previously
unimaginable. While educational institutions have always been a safe haven for students, shielding young minds from the negatives of the outside world, the recent school tragedies underscore the imperativeness of campus security in the education sector. “When it comes to securing educational campuses, the primary challenges are often budgetary constraints and changing technology and regulations,” begins Eva Mach, a proven expert in finance, operations, and entrepreneurship.
Eva believes that in order to make the world a safer place, the education sector must establish a system that can protect students and staff while also being welcoming to its visitors and open to the community. As the President and CEO of Pro-Tec Design, her weapons in this battle are Pro-Tec’s powerful security solutions that accomplish their mission of protecting clients with technology and staying true to their core values. Pro-Tec Design, a 100 percent employee-owned company, takes a holistic approach to drive unparalleled protection for teaching institutions—whether K-12 or higher education—through its wide range of reliable and high-performance security solutions. “Being an early adopter of IP video and with 26 years of specialization behind us, we are a purpose-driven company committed to protecting our clients with technology,” says Eva.
Pro-Tec is recognized across the U.S. as a trusted advisor for delivering proactive security solutions, in line with the latest technology advancements.
To ensure a safer environment at K-12 schools and college campuses, Pro-Tec’s solutions cover everything from visitor management, access control, video surveillance, centralized intercom communications and more. Their visitor management solutions allow establishing a more secure learning environment while preserving the open, inviting culture for visitors. The company partners with premier manufacturers such as Lenel, Milestone Systems, Avigilon, Honeywell and Bosch emphasizing open system architecture to provide access control and video management solutions that empower clients with the flexibility to custom-fit security parameters based on their unique requirements. Pro-Tec also maintains strong relations with Axis and Panasonic for cameras and Feenics Systems for managed services access control services. Understanding the need to ensure impenetrable safety alongside budget constraints within the education sector, “Pro-Tec works hand in hand with the security directors/principals of the client institutions to assess their vulnerabilities. This helps us to craft the best security solutions at the best price point, whether it’s securing vestibules or the entire campus,” explains Eva.
What makes Pro-Tec second to none is their commitment to continuing education and learning to deepen their knowledge in industry-specific business and regulations issues. The company helps clients prioritize their security needs based on an initial risk assessment and guides them to install complex technologies in line with their business drivers. Pro-Tec brings to the table its numerous years of experience and proven expertise in securing clients from various industries including manufacturing facilities and airports allowing for cross pollination of ideas and solutions. To ensure seamless onboarding, Pro-Tec’s dedicated project managers assist clients with pre-deployment bench test, training, and required system updates. The solutions are complemented by a 24/7 helpdesk that assists with software updates and bug fixes, along with full warranty support during the warranty period. “We start with a risk assessment and then develop a solution for each client, which is followed by our proven process for installation, recommendation, and the support services that help clients to identify future changes. We go beyond just delivering security solutions to craft the best fit for the client’s environment on a limited budget,” illustrates Eva.
Pro-Tec continues to follow its core value of lifetime learning in order to keep pace with technology by investing and training in-house employees. They currently boast a nation-wide reach through its partner network and plan to expand its consulting and design and managed service offerings into the manufacturing and healthcare verticals.
Cloud Based Access Control Podcast Pro-Tec Design and Vector Firm
Jill Bartyzal one of our business relationship managers had an educational podcast with Chris Peterson at Vector Firm to talk about security trends with the Cloud. She focuses on how Feenics is the headliner for a cloud based card access system with mobile applications and custom solutions.
Today I’ll be talking about a current security trend, Access Control in the Cloud. More and more companies are moving their systems and data to the Cloud so this is the perfect time think about moving your Card Readers to the Cloud with Feenics Keep. Open platform controllers, Open architecture SDK to build it yourself, Open Integrations… future-proof and protect your investment with elegant, modern technology. Pro-Tec Design is ready to demo Feenics anytime, anywhere– with Cloud it’s easy! #design #protection #integration #accesscontrol #cloudsecurity
Click the link below to listen!
Lenel/ Milestone Integration Happy Hour
Join us for a peer-to-peer event at Pro-Tec Design on May 23, beginning at 3:30pm. We’ll have senior technology representatives from Lenel and Milestone on site to help you identify the security and efficiency benefits of integrating your systems, as well as a live demo in the Pro-Tec Design Lab. See for yourself how single-face Integration can improve your security processes.
Get personal insight from the pros, ask questions, demo the technology, tour PTD’s lab and sample appetizers and libations in a casual and informative atmosphere. Alex Conrad from Milestone and John Bohr from Lenel will be available to guide you through the integration process, along with engineers and technical representatives from Pro-Tec Design.
We’ll have TWO winners – Those attending will be eligible to win one of two free integration licenses.
RSVP quickly, space is limited.
Wednesday, May 23
from 3:30 pm – 5:00 pm
Designing Safer Schools with PASS
Protecting your students and staff is a big responsibility, and an increasingly complex undertaking. Security technologies and best practices are evolving quickly in response to changing risk factors. With lives at stake, you need to stay ahead of the learning curve – and we’re here to help you do that.
Join us for a morning of learning and networking, as we explore “what’s next” in school safety. Hear from industry leaders who are setting the standards for security excellence, and discover how local districts are responding with leading-edge solutions that establish safer learning environments.
Featuring guest speaker and keynoter, Guy Grace, director of security and emergency planning at Littleton Public Schools, presenting: Our Schools Have Changed Forever. Mr. Grace will share data and stories from his own school district, together with advice gained from firsthand tragedy.
Additional presenters from NSCA, Pro-Tec Design, and our district clients will cover topics central to your security strategy, including:
- Understanding K-12 Security Standards, as defined by PASS: Partner Alliance for Safer Schools
- Constructing a Security Roadmap, and strategies to secure funding
- Practical vs. theoretical risk: Where to focus first for greatest impact
- Best Practices in school safety: Real-world case studies of local districts who are leading the way
9:00am – Registration & Coffee
9:15am – 11:30am – Program / Presentations
11:30am – 12:00pm – Networking Lunch
Guy Grace [Keynote]
Director of Security & Emergency Planning, Littleton Public Schools
Presenting: Our Schools Have Changed Forever
Mr. Grace will discuss the unique risks schools face each day and best practices to help make them safer. His presentation will include data and stories from his own school district, together with advice gained from firsthand tragedy. He will cover internal and external communications, technology usage and staff training, reunification practices, prevention techniques, methods of risk mitigation, parent and student involvement, drills and implementation methods.
Executive Director, NSCA
Presenting: Assessment and Design for Improved Security Measures
Mr. Wilson will cover the history of the PASS K-12 guidelines, the top threats in K-12, technology trends and integration methods, taking a layered approach to schools safety, the TIER continuum approach, code issues and compliance, research on technology costs and funding models, and shared success stories.
Sales Manager & Employee Owner, Pro-Tec Design
Business Relationship Manager & Employee Owner, Pro-Tec Design
Help Desk Launch
Pro-Tec Design HELP DESK
Here to give you easy access for the following:
Quick answers to minor programming issues
Troubleshooting system software before making the call that service truck is needed onsite
Help with setting up Holiday Schedules, Access Levels or New Users
Ability to Remote Connect to customers computers for advanced troubleshooting or software training
Monday through Friday 7:30 am to 4 pm (excluding Holidays)
How to contact:
Minnesota Government IT Symposium
Join us for the 36th Annual Minnesota Government IT Symposium on December 5th through the 7th at the St. Paul RiverCentre.
The Government IT Symposium brings together over 1,000 IT leaders and professionals from across the spectrum of government agencies and systems, along with their private and civic sector partners, for three days of engagement, inspiration and information.
MASA Association Fall Conference
The Minnesota Association of School Administrators (MASA) is a private, nonprofit member service organization representing more than 900 educational administrators throughout Minnesota. Our members include school superintendents, directors of special education, curriculum and technology leaders, central office administrators, and higher education administrators and professors. In addition to our active members, MASA also serves over 250 retirees.
Join us at their fall conference!
Did you know you can open a door with your smartphone?
Whether you have the original 125KHz proximity technology, smart cards, or biometric readers, we can help you transition into a mobile-credentialed platform. There are many different options to consider, and the transition can occur in many ways. Let us help you successfully transition and deploy this new and exciting technology!
There’s a better way to manage your keys!
Access control is great for tracking and managing entry through doors, but what about the doors that only use keys? With products from Traka, you can securely store and manage access to keys or anything else that can go on a key ring. Best yet, you can control them with all of the same features of your access control system such as:
- Allow access to only certain keys for certain people
- Allow access to certain keys for only specific times of day
- Set curfews on keys so they aren’t out too long
- Send alerts when keys are out too long