Pro-Tec Design Announces Planned Transition of CEOs
[Minnetonka, MN, 5-15-23] – Pro-Tec Design, a leading provider of innovative security technology integration solutions, is pleased to announce a planned transition of its chief executive officer (CEO) position. After a successful tenure, Ms. Eva Mach will be stepping down as CEO, and Mr. Dave Benson will assume the role effective May 15, 2023. This transition represents a strategic decision to ensure the company's continued growth and success.
Ms. Mach has been instrumental in Pro-Tec Design's journey, providing visionary leadership and driving the company from privately held to employee-owned through an ESOP, instituting a major cultural pivot transitioning employees to operate as owners. "It has been an honor to lead a team of talented and dedicated individuals through the first years as a 100% employee-owned company. With David Benson coming on board, the future of Pro-Tec Design is in excellent hands." As a Strategic Executive Advisor, Ms. Mach will remain with the company during the transition period, offering her expertise and guidance to ensure a seamless handover.
Taking the helm as CEO, Mr. Dave Benson brings a wealth of experience and a proven track record of success in the security and systems integration industry. With over 25+ years of experience, Mr. Benson has spearheaded numerous strategic initiatives and achieved substantial business growth for organizations in our industry. His deep understanding of the systems integration industry and strong leadership skills make him the ideal candidate to lead Pro-Tec Design into its next phase of growth and innovation.
"I am excited to join the Pro-Tec Design team! I believe, especially in security integrations, that people are paramount," said Mr. Benson. "Pro-Tec's reputation for excellent people and excellent results is second to none. I look forward to meeting all of my new colleagues, learning about what their passions are, developing strong relationships, and growing our company with innovative solutions and technologies."
The board of directors and the entire Pro-Tec Design team express their appreciation for Mrs. Mach's outstanding contributions and leadership during her tenure as CEO. They are confident that Mr. Benson will bring fresh perspectives and drive the company forward, building upon the strong foundation established by his predecessor.
About ProTec Design
Pro-Tec Design is a client focused and technology driven security integrator providing consulting, design, and installation of Video Surveillance, Card Access Control, Intercom, and Intrusion systems. We use technology to protect an organization’s people, data, and assets – keeping business continuity, security procedures, and policies on track during a myriad of unforeseen events.
Through our certified partner network of Lenel, Milestone, Avigilon, Axis, Bosch, Exacq, Feenics, Honeywell, Lenel, and Milestone, PTD specializes State and Local Government entities, healthcare, manufacturing, K-12 and Higher education. As a member of ASIS International, ESA, IAHSS, NSCA, PSA Security Network, & Security-Net Partner, PTD is dedicated to Making Our World Safer.
Eva Mach Recognized as Part of the Security Industry Association’s 2023 Women in Security Forum Power 100
Eva was highlighted in this annual program showcasing 100 women who are role models, leaders, innovators and influencers in the global security industry.
SILVER SPRING, Md. – The Security Industry Association (SIA) has named Eva Mach, President, CEO and Employee Owner of Pro-Tec Design to the 2023 honoree list for the SIA Women in Security Forum Power 100. This initiative, presented by the SIA Women in Security Forum, honors 100 women in the security industry each year who are role models for actively advancing diversity, inclusion, innovation and leadership in the community.
Eva brought her 20 years of industry experience to Pro-Tec in 2010. Beginning as the company’s CFO, she assumed the role of President and CEO in 2016. A champion of creating a high-level, focused vision, promoting a dynamic culture and staying ahead of industry and market changes, Eva is leading the company into its next phase. As the security industry rapidly transforms from physical to virtual, Eva is responsible for guiding the short and long-term strategic planning. Under her guidance, she has assembled a strong leadership and operations team that focuses on protecting their clients’ business and security needs with the latest industry technology.
Since her arrival, she has taken the company from privately held to employee-owned through an ESOP, instituting a major cultural pivot transitioning employees to operate as owners. To drive the cultural and growth shifts associated with employee ownership, she implemented EOS Traction to build management team capacity and promote accountability throughout the organization.
Eva serves as the ultimate decision making and point person on strategic initiatives including products, services and maintaining strategic relationships with Pro-Tec’s key vendors and partners.
Acting as a true open-door CEO, Eva leads the daily charge manifesting Pro-Tec’s vision of Making Our World Safer.
“The SIA Women in Security Forum is proud to showcase the remarkable women of the 2023 WISF Power 100. These dynamic, talented honorees are making waves in the security industry and are constantly exhibiting leadership, motivating others and driving progress in the security industry,” said SIA Women in Security Forum Chair Kasia Hanson. “We commend this outstanding class of honorees for their impactful efforts in the security industry and broader community and look forward to celebrating their successes at ISC West.”
On March 31 at ISC West 2023, the SIA Women in Security Forum will host a networking breakfast and Power 100 celebration recognizing this year’s Power 100 honorees. At this free event sponsored by dormakaba, attendees will connect with other leaders and champions for diversity and help SIA recognize and celebrate the 2023 honorees of the Power 100 program. After the breakfast, attendees are encouraged to stay for the SIA Women in Security Forum keynote with special guest speaker Alison Levine, team captain of the first American Women's Everest Expedition team, faculty member at the Thayer Leader Development Group at West Point and the New York Times bestselling author of On the Edge. Learn more and register to attend here.
The Power 100 announcement comes on March 8, International Women’s Day, a global day celebrating the social, economic, cultural and political achievements of women and presenting a call to action for accelerating women’s equality. SIA supports International Women’s Day and launched the SIA Women in Security Forum on this day in 2018. This year, SIA will celebrate International Women’s Day and its 2023 theme by encouraging the Power 100 honorees, the Women in Security Forum community and the larger security industry to work to forge women’s equity and #EmbraceEquity.
“The 2023 Power 100 honorees are an inspiration to all of us in the security industry. These 100 women leaders are breaking barriers, shifting expectations and advancing diversity, equity and inclusion while taking our industry to new heights,” said SIA CEO Don Erickson. “As we celebrate International Women’s Day, we congratulate this year’s outstanding class of honorees and thank them for their invaluable contributions to the security industry as well as their leadership, innovation and advocacy.”
SIA’s Women in Security Forum works to engage all security professionals to promote, recruit and cultivate women’s leadership for a more inclusive and diversified industry. In addition to the Power 100, the SIA Women in Security Forum offers several programs and activities, including the SIA Progress Award, which celebrates individuals who advance opportunities for women in the security industry; the SIA Women in Security Forum Scholarship, which furthers educational opportunities and advancement for a diverse security workforce; special keynote breakfast events at ISC West and East; volunteer efforts that give back to the community; virtual education offerings; collaborative projects with other organizations seeking to empower women in security and technology; support of the SIA Women in Biometrics Awards; thought leadership and speaking opportunities; and engaging networking and professional growth events. Membership in the SIA Women in Security Forum is free and open to all employees of SIA member companies and SIA student members. Not a SIA member yet? You can still join and will be subscribed to Women in Security Forum news, although you may not receive full member privileges. Learn more and get involved here.
SIA is the leading trade association for global security solution providers, with over 1,300 innovative member companies representing thousands of security leaders and experts who shape the future of the security industry. SIA protects and advances its members’ interests by advocating pro-industry policies and legislation at the federal and state levels, creating open industry standards that enable integration, advancing industry professionalism through education and training, opening global market opportunities, and collaborating with other like-minded organizations. As the premier sponsor of ISC Events expos and conferences, SIA ensures its members have access to top-level buyers and influencers, as well as unparalleled learning and network opportunities. SIA also enhances the position of its members in the security marketplace through SIA GovSummit, which brings together private industry with government decision makers, and Securing New Ground, the security industry’s top executive conference for peer-to-peer networking.
SDM Exclusive: State of the Market - All Eyes on the Rise of Video Security
Insiders Address Key Topics for Security Pros to Consider
Eva Mach, Pro-Tech Design | Customer Education
As an industry, we need to do a better job of educating clients on new technology and the applications of these new technologies. As integrators, some of those conversations aren’t natural to us. We are comfortable talking about cameras and frame rates and storage.
We need to better educate the client to serve them as best we can as the technology changes and also be mindful as to whether or not that fits with our client’s policy and procedures internally. I see education as an opportunity to help clients in their business. There is so much data that we collect now at the edge and our customers have a huge opportunity to use that data to improve their business operations.
Planning Ahead - Potential Product Shortages
As most of you are aware, product shortages have impacted nearly every industry this summer. From new cars to laptop computers, companies have struggled to obtain the products they need to keep their businesses operating efficiently or to meet their customer’s needs.
Pro-Tec Design has been relatively fortunate to have not been significantly impacted by these shortages, but we are starting to see pockets of delays in some product lines. Some cameras and credentials have lead times in excess of eight weeks. In some cases, we have been able to obtain a significant forward supply of products, but not for all.
With this in mind, we would like to encourage you work closely with us to plan your future projects or purchases with more lead time then we have all become accustomed to. Items you purchase on a recurring basis (such as additional credentials for your employees) should be ordered 6 to 8 weeks before they are needed, so that you can be sure to have when needed.
Any information you are willing to share with us regarding your future projects will help us prevent any significant delays. Even basic information such as project name, scope (5 readers, 6 cameras), and tentative dates would be a huge help in our mutual success.
Please contact us for any product or project needs. Thank you!
Pro-Tec Receives North Side Community Builder 2021 Award
Pro-Tec Design is proud to receive the North Side Community Builder 2021 Award from Hospitality House Youth Development (HHYD). Our employee-owners volunteered their time and financial resources to support HHYD’s mission of opening the doors of opportunity to the youth of the North Minneapolis Community. To learn more about HHYD and the vital work they do: https://hhyd.org
End of Life for Windows Server 7, 2008 & 2008 R2
On January 14, 2020, support for Windows Server 2008 R2, Windows 7 and SQL 2008 will end.
This means there will be no more support or security patches on your server. In order to ensure that your infrastructure and applications do not go unprotected, your IT department will need to update your servers to a supported version.
If you choose not to upgrade, your network may become vulnerable and you run the risk of a potential network breach which could result in a loss of your companies data/assets. Please keep in mind that the server and software manufacturers will no longer provide support if your hardware/software is out-of-date.
STEPS TO TAKE TO PROTECT YOUR NETWORK
- Ensure your IT department updates your server(s) to a supported Operating System and Database that is compatible with your access control or video management software
- Verify you have installed the latest Microsoft Patches
- Confirm your server has been properly updated by scheduling a remote 15-minute session with a Pro-Tec Design technician (Pro-Tec Design will verify if your operating system and database are currently supported and have received the latest security patches)
- Confirm that your access control and/or video software is up-to-date (Pro-Tec Design will verify your Software Support Agreement is up-to-date and schedule an upgrade)
HOW TO SCHEDULE YOUR REMOTE SESSION
- Phone: 763.553.1297
- Email: firstname.lastname@example.org
- Online: Schedule your assessment online here
Please be sure to schedule your remote session prior to January 14 to make sure your system is up-to-date.
Kirk Simmons Achieves Certified Protection Professional (CPP) Milestone
We celebrate our employee-owner, Kirk Simmons, for upholding his certification of being a Certified Protection Professional (CPP) for over five years. Achieving a CPP is considered the gold standard certification for security professionals and demonstrates knowledge and competency in the seven key domains of security:
- Security Principles and Practices
- Business Principles and Practices
- Personnel Security
- Physical Security
- Information Security
- Crisis Management
Certified Protection Professionals are recognized globally as the standard of excellence for security management professionals. “I’ve always looked up to those that were CPP certified and knew that I wanted to achieve that goal. I spent over six months studying all the time. Any free moment I had, I dedicated to achieving the goal of obtaining the CPP certificate.” – Kirk Simmons, CPP.
Kirk graduated top of his class, Summa Cum Laude with a B.S. in Criminal Justice Administration at Bellevue University and later went on to receive his master’s in Organizational Leadership. With over 18 years of experience in the security industry, Kirk has taken on the roles of Corporate Loss Prevention Manager and Security Manager at organizations such as Best Buy, Musicland Stores and Hennepin County. In addition to his schooling, Kirk served in the marine corps as a military policeman and was meritoriously promoted three times.
To obtain the CPP certification, one must meet the minimum qualifications established by ASIS International, along with passing the challenging certification exam of over 200 questions that assesses one’s knowledge in all aspects of physical, intellectual and personnel security.
Congratulations Kirk on your five-year milestone as a CPP!
Move and Improve Your Security With Hosted Cloud Technology
With the current trend of moving data and servers to the cloud, we are seeing security become a part of the conversation and often turning into the solution. Moving security to a hosted cloud environment provides end-users with an intuitive solution that is easy to manage from anywhere on any device. Organization’s situational awareness can be improved by reducing response times during security events by utilizing hosted cloud’s inherent mobility.
Here are three benefits of moving your organization’s security to the cloud:
With a traditional on-premise server system, with or without cloud storage of your database, you must purchase and manage the proper IT equipment and licensing to meet your network standards. This could include on-premise servers, firewalls, cloud linking software/hardware and/or subscriptions to cloud services. Whereas with a hosted cloud solution, you automatically get access to an enterprise-level cloud setup for a single subscription fee, including load balancing, pro-active health monitoring, database replication sets, vulnerability testing, two-factor authentication and other features that you do not have to configure, maintain nor set up for your organization.
FREE UP YOUR IT DEPARTMENT
IT Resources are becoming scarcer in businesses today, so why not take security off their plate so they can focus on more business-centric applications? A hosted cloud solution eliminates the need for on-premise database and application servers. Eliminating the servers also removes the maintenance and physical space in the data center or IT closet. No more weekend updates of servers or whole days spent updating the security VAR software. Disaster recovery plans are taken care of with automatic backups and remote storage in the cloud.
Updates to the hosted cloud are pushed out automatically to users on a timely basis, eliminating the need for IT to patch and update servers along with client devices. New software features suggested by a single user can be more easily implemented and pushed out to all users of the system. Think crowd-sourced software for security.
MOBILITY AND MITIGATING VULNERABILITY
Working on the go, from any device at any location, has never been easier as mobility is inherent to hosted cloud solutions. Remotely manage processes, such as adding or revoking user access, reviewing recent card reads and camera activity, invoking lockdown all from any web browser or mobile device – your system goes with you 24 hours a day, 365 days a year. When logging into a hosted cloud solution off-premise, you do not need to VPN into your network to make the connection. Instead, you are connecting to your database via the internet. This greatly decreases vulnerabilities of connecting a device directly to your network through an unsecured connection, like a free Wi-Fi at a coffee shop or having a worker connect from their personal laptop infected with a virus.
While housing your businesses infrastructure inside a hosted cloud may sound less secure than an on-premise server, it creates a much more secure environment because it limits risks associated with outdated software, unpatched servers, passwords being shared and VPN tunneling. By moving your security technology to the hosted cloud, you turn complex security processes into a simpler, more manageable and scalable solution. From the lack of local servers and proprietary equipment, to remote access, it makes security technology easier to install and manage across the board.
Start a conversation on moving to the cloud with one of our cloud security specialist.
Pro-Tec Design Hosts Security-Net
Pro-Tec Design had the privilege of hosting the Security-Net partner meeting on June 20 and June 21, 2019. Along with our vendors, we welcomed 15 Security-Net partners from across the country at our office in Minnetonka, MN.
Security-Net, is recognized as a network of the world’s finest security systems integrators. Boasting a sustained reputation of excellence and innovation in the security integration industry, Security-Net supports and services both private industry and the government sector with intelligent security system solutions.
It was a beautiful week in the Twin Cities as the rain held off and the sun made its appearance. Upon arrival to their hotels, attendees received specially crafted gift bags filled with local beer, Minnesota-based snacks, coffee, mosquito repellent (a must during MN summers) and other goodies. Many attendees were able to experience all that Minnesota summers have to offer by taking a stroll across the iconic Stone Arch Bridge, rooting on the Minnesota Twins baseball team, shopping at the Mall of America, golfing at the Rush Creek Golf Club and partaking in the Twin Cities Pride Festival.
ADI, a leading distributor of security and low voltage products, sponsored a Thursday morning breakfast provided by the family-run, MN based catering company, The Lookout. ADI represents more than 500 industry manufacturers at over 100 locations across the globe.
The meeting agenda included discussions on membership updates, emerging technologies, vendor presentations, sponsorship opportunities and more. Attendees were able to participate in networking opportunities and dinner at Psycho Suzi’s Motor Lounge on Wednesday night and the Milestone sponsored dinner at FireLake Grill on Thursday night. Milestone, a global industry leader in open platform IP video management software, was founded in 1998 and helps organizations manage risks, protect people and assets, optimize processes and reduce costs.
This was Pro-Tec Design’s first time hosting the event and it was a huge success. Pro-Tec Design, a purpose-driven security integrator, provides consulting, design and installation of Video Surveillance, Card Access Control, Intercom and Intrusion systems. To learn more about Security-Net and to find a listing of their upcoming events, visit https://www.security-net.com/.
Pro-Tec Design Named 2019 Star Tribune Top Workplace
Pro-Tec Design has been named one of the Top Workplaces in Minnesota by the Star Tribune. A complete list of those selected is published in the Star Tribune Top Workplaces special section.
Produced by the same team that compiles the 28-year-old Star Tribune 100 report of the best-performing public companies in Minnesota, Top Workplaces recognizes the most progressive companies in Minnesota based on employee opinions measuring engagement, organizational health and satisfaction. The analysis included responses from over 140,000 employees at Minnesota public, private and nonprofit organizations.
The results of the Star Tribune Top Workplaces are based on survey information collected by Energage, an independent company specializing in employee engagement and retention.
Star Tribune Publisher Michael J. Klingensmith said, “The companies in the Star Tribune Top Workplaces deserve high praise for creating the very best work environments in the state of Minnesota. My congratulations to each of these exceptional companies.”
To qualify for the Star Tribune Top Workplaces, a company must have more than 50 employees in Minnesota. Over 2,000 companies were invited to participate. Rankings were composite scores calculated purely on the basis of employee responses.
Thinking About Moving to Managed Cloud Security Services?
Are you thinking about moving to Managed Cloud Security Services? Let us help shift those gears from thinking to doing. With Managed Services from Pro-Tec Design, we’ll lift your security technology into the cloud faster and easier than ever before.
While moving security technology to the cloud is a sound idea, execution is where it bogs down – enter Pro-Tec Design. Our Managed Services expertise quickly gets you set up and keeps you running. Reducing the need to manage, update and repair servers might just cause your IT department to say, “thank you”.
Cloud Security Technology Reduces:
- IT hardware workload
- Number of servers required
- Risk of equipment to protect
Let PTD’s Managed Services:
- Provide real-time alerts
- Assess issues as they arise
- Fix issues immediately
- Communicate ongoing system status
- Benefit cyber security system
- Strengthen cyber security defenses
Allow us to alleviate your headaches by carrying your security technology to the cloud.
Healthcare Security: 3 Simple Ways to Maintain System Integrity
Healthcare security is a constant balancing act between securing the facility while being open and welcoming, and on top of it all, continuing to provide outstanding patient care. With constant visitor traffic, access to multiple buildings, protecting confidential information and hectic emergency departments, it is challenging for hospital staff to stay on top of every aspect of system management.
Here are 3 best practices to ensure security system health and mitigate potential risk through future planning:
1PROACTIVELY MANAGE SYSTEM SOFTWARE
Maintaining software support agreements and following standard cybersecurity policies for your security systems are critical to eliminating unnecessary risks. Often, security software is treated as a one-off solution and standard IT policies are not maintained. In today’s connected world, security software and hardware are critical points to maintaining both physical and cyber-secure facilities. Software updates and firmware patches are actionable items that should be addressed on a consistent, scheduled basis to ensure you are both maximizing your system with new features and eliminating risks on your network. Encryption adoption is another avenue for limiting exposure of your staff, patients and data. New credentials and panels provide improved encryption methods that reduce potential network and facility breaches.
2IMPLEMENT HARDWARE LIFECYCLE PLAN
In addition to software updates, it is also critical to stay ahead of hardware and technology changes. Even if there are no challenges currently visible, risk may be growing behind the scenes. Many potential risks from hardware go unnoticed until a critical failure point. Addressing those risks via a proactive lifecycle plan will mitigate failure points and hopefully avoid system outages. Understanding your systems design and component locations is another proactive step that can be taken to better respond should a failure occur. When a failure does happen, seconds and minutes matter. Knowing where the important equipment is in your facility can dramatically improve the time it takes to rectify the issue.
3COLLABORATE WITH IT AND FACILITIES
A big cause of overall security system health and dysfunction is that there are many moving parts and it can become hard to properly manage them all at once. Today’s security leaders in healthcare are challenged not only with securing an open atmosphere and planning for the future, but also by a lack of organizational prominence. We see security departments placed across a wide range of locations as it relates to organizational charts. IT, Operations, Facilities, Finance, Legal and Security itself are some of the places where security departments report up through. This uncertainty of security’s role in the strategic plan of an organization creates difficulty in building and funding a robust security plan. This is not to say that healthcare organizations do not view security as a part of their critical infrastructure, we know they do, but unfortunately, very few have properly funded security budgets. Instead, security is dependent on collaboration across multiple departments to receive funding. This lack of budget requires security leaders to create a strong partnership most commonly with IT and Facilities to work together, establish a security plan and properly budget to eliminate any surprise funding.
Learn how Pro-Tec Design can help mitigate these risks by scheduling a Health Check assessment.
Security System Spring Cleanup
Spring is the perfect time to give some much-needed attention to your security system. Here are four recommendations to make sure your system is at peak performance.
1) Remove dirt build-up from winter on all outside parts
2) Clean camera domes and lenses
3) Check batteries and cable connections
4) Train new staff members on operating your system
Call or email your Relationship Manager to set up your spring cleaning at (763) 553-1477.
Protecting the Next Generation of Leaders
Occurrences of theft, accidents, bullying, and the recent incidents of shooters going on a rampage are a nightmare scenario for security and safety directors on school campuses,” begins Eva Mach as she touches upon the growing demand for security within campuses. Being well-versed with the nitty-gritty of safety and security requirements, Eva harnesses her 20 years of industry experience in an ambitious bid to alleviate campus security with the aid of latest technologies. The rapid industry transformation from physical to virtual fuels the convergence of cyber and physical security.
Eva envisions a dynamic culture to focus on campus security needs of elementary, middle school, high school, and college students across the US. Currently, as the President, CEO & Employee Owner of Minnesota-based Pro-Tec Design—a technology company and systems integrator specializing in campus security—Eva leads the charge to combine campus security solutions with best-of-breed technology and practices. “Technology is only one aspect of security. We educate organizations on the best practices and emerging technologies and offer a holistic view of school safety to make the campuses safer,” states Eva.
Pro-Tec Design works collaboratively with security organizations and aligns its security solutions with the best research to identify the clients’ roadmap and provide superlative, budgetfriendly solutions for improved return on investment (ROI). The company provides traditional on premise solutions in addition to cloud solutions, managed services, and Bluetooth technology catering to students used to using their mobile devices. Pro-Tec Design empowers schools with the PTD Xperience—a robust security development process—to identify clients’ critical and optimal security areas and build roadmaps with simultaneous risk assessment and PTD system health checkups. The PTD Xperience also provides clients a roadmap incorporating on premise and hosted campus security solution components such as video surveillance, access control, visitor management, and notification beacons. “Technology keeps evolving, and we as integrators assist organizations build upon their investments with the ability to flexibly incorporate future enhancements,” Eva explains.
Backed by years of experience working with local governments and police departments, Pro-Tec Design is uniquely positioned to integrate collaboration among the first responders via improved alert notifications. The company’s uniqueness also stems from its unwavering commitment to educating its employees on the emerging technologies, and design security solutions using technology the clients are familiar with (read mobile devices). “We are in this business to make the world safer, and we wholly dedicate ourselves to delivering exceptional customer service and seamless user experience,” says Eva.
Pro-Tec Design takes great pride in serving as a trusted advisor to its clients across educational, healthcare, transportation, and commercial industries, and will continue to meet their security requirements. Recently, one of the company’s clients decided to extend their outside perimeter protection. Rather than just installing additional cameras, Pro-Tec Design assisted the client in implementing a system that leverages data analytics, empowering their security director to track a person’s progress across the entire property perimeter. “The system did not just simplify tracking, data analytics also allows for easy forensics work if needed,” adds Eva.
As the security market advances into capitalizing the evolving capabilities of artificial intelligence (AI) and machine learning (ML), Pro-Tec Design is looking forward to bringing a the power of analytics like license plate recognition, aggression and gunshot detection into the campus environment. The robust analytics like operator assisted tracking will allow the security personnel to track subjects between cameras in a large campus environment. With its current focus on cloud-based systems, Pro-Tec Design is committed to implementing open systems, allowing clients flexibly transition from proprietary product hardware to managed services and cybersecurity.
Top 3 Misconceptions About Cyber Security & Access Control
If you don’t think cybersecurity is an issue today you are dead wrong. But even if you think you are on top of things, chances are you — or your customers — still harbor some misconceptions, particularly when it comes to access control systems.
According to Terry Gold, founder of D6 Research, a research and consulting company dedicated to cybersecurity and the physical security industry, there is still a lot the security industry gets wrong, particularly when it comes to understanding actual hackers and their motivations and methods. (See online exclusive, “Think Like a Hacker to Better Understand Cyber Security.”) But he has seen promising movement.
“D6 Research has been seeing a slow but progressive change in sentiment over the past couple of years,” he says. “I sense a movement where 2018 is the year of the security industry to reach a consensus that it’s no longer acceptable to be dismissive of cybersecurity.”
It is a progression, agrees Bill Bozeman, CPP, president and CEO, PSA Security Network, Westminster, Colo. “Originally when we started on our soapbox, it was denial. Now we are past that stage, which is good…. Everyone became aware simultaneously that this is an issue and now it is at the action level. We have gone from denial to awareness to action. We are much better off now than two years ago.”
Despite this, there is still a perception in the security industry that access control is somehow a little less at risk — and that is just not true, say the experts.
“Access control is generally one portion of an organization’s comprehensive protection plan that incorporates additional pieces, such as fire, intrusion, video surveillance and video management, to name a few,” says Eric Widlitz, vice president, North America sales, Vanderbilt, Parsippany, N.J. “However, the safety of a business is only as strong as its weakest link.”
Let’s take a look at some of the top misconceptions, with some advice for each.
1ACCESS CONTROL IS NOT AS VULNERABLE AS OTHER SECURITY SYSTEMS.
Many people have this impression, but while it may seem that way, it’s simply not the case.
Ryan Zatolokin, business development manager, senior technologist, Axis Communications Inc., Chelmsford, Mass., says in some ways access control systems can even be more vulnerable because video systems historically get changed out for newer models more frequently than access control systems. “It is a misconception that video is more at risk. All networked devices are at risk…. Not one is inherently more at risk than the other. The concerns with access control are the same as with video — those older systems that aren’t maintained. [But] there are legacy access control systems running today that may have a Windows 95 box actually controlling a board in the closet. That to me is scary.” Legacy systems are very vulnerable, says Matt Barnette, president, Mercury Security, part of HID Global, Long Beach, Calif. “All of these panels are network devices so by default if you are installing it on the network you are potentially opening up a gateway for someone to hack in.”
Even that might not be enough, Gold cautions. “One of the biggest misconceptions is that cybersecurity is primarily about network security. This is only one aspect; there are many others not even related that can undermine everything. Even if a network is completely secure, once someone gets in, then what? Strategy needs to have depth in so many areas. Attackers know this.”
Derek Arcuri, product marketing manager, Genetec Inc., Montreal, agrees. “We hear people saying, ‘So what if someone hacks my IP connected lights or HVAC? They will make my lights turn off? Big deal.’ It is a big misconception that the technology in question is the only victim. In reality, it is everything that is connected to that system. Think of the entire network in terms of every single server or edge device that comes in contact with that access control system.”
Access control has been an afterthought, but that is changing, says integrator Colin DePree, sales manager, Pro-Tec Design, Minnetonka, Minn. “We are a lot further along on cybersecurity from the video platform perspective, but now we are starting to see OSDP and cloud-based access platforms that are forcing us to understand cyber hygiene and having those conversations [on the access control side].”
Pick the Right Partners — & Be One
When it comes to making sure access systems are as secure as possible, start by finding the right manufacturing partners, says Mercury’s Matt Barnette. “Make sure you are partnering with companies that are taking it seriously and providing you not only with products but knowledge on how to secure them.”
Farpointe provides cybersecurity tools such as vulnerability checklists, but it goes beyond that, says Scott Lindley, president, Farpointe Data, Sunnyvale, Calif. “Farpointe Data sees its most important challenge as helping integrators stay in compliance with cybersecurity law. For instance, the FTC has decided it will hold the business community responsible for failing to implement good cyber practices and is now filing lawsuits against those that don’t.”
Several manufacturers today provide penetration test results as well as offer cyber-hardening guides and other documents on how to install their products in a cyber-hardened way.
But Northland Controls’ Henry Hoyne also cautions integrators to do their own due-diligence when picking products and manufacturers. “People think something is secure because the manufacturer says so, as opposed to asking for whitepapers and independent penetration tests. It is simple for any manufacturer to conduct their own pen test and possibly misrepresent their findings.”
D6’s Terry Gold agrees. “Revamp how you generally accept information and assertions made by manufacturers. Raise the bar for them to provide information that validates their claims. Trusting them is not the same as trusting their claims about their product. From a cybersecurity standpoint of your customer, you’re accountable for the latter.”
But it is definitely a two-way street, Barnette says. “We have taken a number of steps that include paying for third-party independent testing…But just because we put features into a product, those still have to be enabled when installed on a customer’s site. Installers need to know how to turn on certain features and configure them on a customer’s network. Otherwise, they can be an open door for a hacker to get through if the products being installed aren’t protected.”
2IT IS MAINLY SOMEONE ELSE’S PROBLEM.
Cyber security is not a one-stop problem/ solution. “Both end users and integrators tend to think it is someone else’s problem,” Zatolokin says. “They might think IT is taking care of it, or the security department is taking care of it. Often there is just not enough communication around this.”
Sometimes it is a matter of not knowing what you don’t know, DePree says. “There can be a lack of urgency or knowledge of what we can do and how we can improve. Sometimes it is an over-reliance on the manufacturers, thinking it is their equipment so it is their responsibility. In reality, it is all of our responsibility.”
DePree adds that the real problem is communication. “There is a partnership needed between the customer, the integrator and the manufacturer. If every single one is doing their part in cybersecurity, it can work. But if the manufacturer says they are doing their part yet they are not communicating or teaching or training the integrator on what they should be doing; or the integrator says they know about cyber and they put the best-rated access control system on, but don’t know what settings they should be using; or on the customer side they say they are just putting access control in and their network is secure, then all three think they are doing a good job, but in reality there has to be continuity and communication through all three of those layers. It has to be a cooperative effort.”
Have the Right Conversations
Axis Communications’ Ryan Zatolokin advises integrators to go in asking the right questions. “Ask the customer, ‘Do you have an IT department? How involved are they? Do you have an IT policy? Does it have to be applied to the access control system?’”
This is both a priority and a challenge for Northland Controls’ Henry Hoyne. “When it comes to the clients, sometimes the biggest problem is not getting to the IT group early enough.”
Pro-Tec Design’s Colin DePree agrees. “If we are not dealing with the IT team at the time of sale, we require and mandate that we have access to them. We need to communicate that these are the devices, here is what the network looks like and the data that will be going across it.”
When it comes to talking to end users, the more specific the better says D6’s Terry Gold. “Have each client define their cybersecurity goals. Avoid generalizations like ‘high security’ because this is subjective. Instead, define them by outcomes and results, such as specific scenarios that will be prevented.”
The integrator’s role in the cybersecurity equation is often to be the conduit between the manufacturer and end user, ensuring that both hardware and firmware are kept up to date, and working closely with the end user to plan ahead for future purchases toward their ultimate cyber security goal.
This includes the integrator taking on the role of ensuring that updates occur, Widlitz says. “You can’t simply install a solution, then walk away. It’s important to educate the customer on the possible vulnerabilities that exist within any system and the proper protocols needed to continuously update the software and firmware to avoid such threats.”
DePree adds, “We believe updating firmware is the single biggest thing our industry can do, but sometimes we are not doing it because the client is pushing back. Five years ago firmware updates had to be something new to get value. Now those are just as important to fix any bugs, leaks and vulnerabilities.”
Legacy access control systems, in particular, are a place where integrators really need to step up, PSA’s Bill Bozeman adds. “Be on top of the latest changes and upgrades in software, and make sure the end user is up to speed. It is their responsibility to bring it to the attention of the end user and the manufacturers to provide it.”
3CYBER SECURITY IS TOO COMPLICATED — OR TOO SIMPLE.
Many security integrators are so overwhelmed by the issue of cyber security they truly don’t know where to start; while others see it as a problem that can be “fixed.” Although there is no doubt that the issue of cyber security is real and complex, there are always ways to tackle tough issues.
“Sometimes people want something that will solve all their problems,” Zatolokin says. They want some specific magical feature that will make that system secure or a magic box you can put on a network to make it secure.” He has also seen the opposite reaction.
“When I talk to IT background people it is a short, concise conversation. If not, it could be a sky-is-falling conversation. Every risk can be mitigated.”
Widlitz says, “With cybersecurity, you must act every day. It is not something where you can say, ‘We’re safe; we’re secure; let’s forget about it.’”
It is a very old saying, but, How do you eat an elephant? One bite at a time. The best advice on where to start is to start somewhere.
PSA’s Bill Bozeman advises starting with insurance — but not just any insurance. “It is unlikely it will come from an existing provider because it is rare that their offering will be adequate. We recommend our integrators go to a specialist that really understands.” (See “When All Else Fails— Why Cyber Liability Insurance Matters,” exclusively online at: www.SDMmag.com/ why-cyberliability-insurance-matters .)
Simultaneously he suggests picking someone and putting them in charge of the effort. “Someone needs to take responsibility; someone needs to be in charge who wants to study the problems, go to the sessions, and get their arms around the issue for their company.”
Bozeman describes a three-step process for any company: “Look inward, then look to the customer, then look for opportunity.”
While this is good advice, Henry Hoyne of Northland Controls also cautions integrators to get to the point as quickly as possible where someone in the organization specializes in cyber knowledge. “It is unrealistic to assume your current IT team has the ability to address all things cyber. That requires specialized knowledge.”
Genetec’s Derek Arcuri suggests integrators settle in for the long haul and prepare to grow the solution over time while making sure not to overdo it. For example, air-gapped networks are a good start, but they aren’t enough. Yet there is a danger of also going the other direction and doing too much.
“You don’t want to over-complicate it to the point you can’t keep up,” he says. “You can’t over-secure your network if you can’t maintain that philosophy. For example, you could segregate the network and secure everything in the architecture; then a few years later a younger manager takes over IT, decides it looks so complex and cleans it up. All of a sudden a waiting virus is introduced.”
Terry Gold of D6 doesn’t sugar coat anything, saying that cybersecurity is extremely complicated and many in the security industry don’t yet have an idea of how secure they really need to be. However, he notes that the security industry is not a pioneer in the wilderness.
“The good news is that there’s much to learn from the journey that IT went through starting 20 years ago. One of those lessons is that security is a set of principles and practices, not a product or specification. So the journey for any organization needs to start there, then translate that into physical security.”
Education Technology Insights Names Pro-Tec Design a Top 10 Security Solutions Provider
The rapidly changing technology landscape has manifested security vulnerabilities on educational campuses in ways previously unimaginable. While educational institutions have always been a safe haven for students, shielding young minds from the negatives of the outside world, the recent school tragedies underscore the imperativeness of campus security in the education sector. “When it comes to securing educational campuses, the primary challenges are often budgetary constraints and changing technology and regulations,” begins Eva Mach, a proven expert in finance, operations, and entrepreneurship.
Eva believes that in order to make the world a safer place, the education sector must establish a system that can protect students and staff while also being welcoming to its visitors and open to the community. As the President and CEO of Pro-Tec Design, her weapons in this battle are Pro-Tec’s powerful security solutions that accomplish their mission of protecting clients with technology and staying true to their core values. Pro-Tec Design, a 100 percent employee-owned company, takes a holistic approach to drive unparalleled protection for teaching institutions—whether K-12 or higher education—through its wide range of reliable and high-performance security solutions.
Pro-Tec is recognized across the U.S. as a trusted advisor for delivering proactive security solutions, in line with the latest technology advancements.
To ensure a safer environment at K-12 schools and college campuses, Pro-Tec’s solutions cover everything from visitor management, access control, video surveillance, centralized intercom communications and more. Their visitor management solutions allow establishing a more secure learning environment while preserving the open, inviting culture for visitors. The company partners with premier manufacturers such as Lenel, Milestone Systems, Avigilon, Honeywell and Bosch emphasizing open system architecture to provide access control and video management solutions that empower clients with the flexibility to custom-fit security parameters based on their unique requirements. Pro-Tec also maintains strong relations with Axis and Panasonic for cameras and Feenics Systems for managed services access control services. Understanding the need to ensure impenetrable safety alongside budget constraints within the education sector, “Pro-Tec works hand in hand with the security directors/principals of the client institutions to assess their vulnerabilities. This helps us to craft the best security solutions at the best price point, whether it’s securing vestibules or the entire campus,” explains Eva.
What makes Pro-Tec second to none is their commitment to continuing education and learning to deepen their knowledge in industry-specific business and regulations issues. The company helps clients prioritize their security needs based on an initial risk assessment and guides them to install complex technologies in line with their business drivers. Pro-Tec brings to the table its numerous years of experience and proven expertise in securing clients from various industries including manufacturing facilities and airports allowing for cross pollination of ideas and solutions. To ensure seamless onboarding, Pro-Tec’s dedicated project managers assist clients with pre-deployment bench test, training, and required system updates. The solutions are complemented by a 24/7 helpdesk that assists with software updates and bug fixes, along with full warranty support during the warranty period. “We start with a risk assessment and then develop a solution for each client, which is followed by our proven process for installation, recommendation, and the support services that help clients to identify future changes. We go beyond just delivering security solutions to craft the best fit for the client’s environment on a limited budget,” illustrates Eva.
Pro-Tec continues to follow its core value of lifetime learning in order to keep pace with technology by investing and training in-house employees. They currently boast a nation-wide reach through its partner network and plan to expand its consulting and design and managed service offerings into the manufacturing and healthcare verticals.
Cloud Based Access Control
Jill Bartyzal one of our business relationship managers had an educational podcast with Chris Peterson at Vector Firm to talk about security trends with the Cloud. She focuses on how Feenics is the headliner for a cloud-based card access system with mobile applications and custom solutions.
Today I’ll be talking about a current security trend, Access Control in the Cloud. More and more companies are moving their systems and data to the Cloud so this is the perfect time to think about moving your Card Readers to the Cloud with Feenics Keep. Open platform controllers, open architecture SDK to build it yourself, open integrations, future-proof and protect your investment with elegant, modern technology. Pro-Tec Design is ready to demo Feenics anytime, anywhere – with cloud it’s easy!
To learn more, visit: http://vectorfirm.hs-sites.com/quickstart-podcast
Pro-Tec Design Help Desk
Here to give you easy access for the following:
- Quick answers to minor programming issues
- Troubleshooting system software prior to on-site assistance
- Help with setting up holiday schedules, access levels or new users
- Ability to remote connect to customers computers for advanced troubleshooting or software training
Availability: Monday through Friday 7:30 a.m. to 4:00 p.m. (excluding Holidays)
Open a Door With Your Smartphone
Whether you have the original 125KHz proximity technology, smart cards, or biometric readers, we can help you transition into a mobile-credentialed platform.
There are many different options to consider, and the transition can occur in many ways.
Let us help you successfully transition and deploy this new and exciting technology!
Manage Your Keys with Traka
Access control is great for tracking and managing entry through doors, but what about the doors that only use keys?
With products from Traka, you can securely store and manage access to keys or anything else that can go on a key ring.
Best yet, you can control them with all of the same features of your access control system such as:
- Allow access to only certain keys for certain people
- Allow access to certain keys for only specific times of day
- Set curfews on keys so they aren’t out too long
- Send alerts when keys are out too long