You rely on your access control system to keep your facility safe. However, just like any physical or digital system, it is potentially vulnerable to hackers and those who would want to gain unauthorized access to your property and the other systems in your building.
Access control systems can connect to other things on your building’s network so that a vulnerable system may allow hackers into everything. This isn’t just about who can walk through the door. Hackers may be able to get into physical parts of the building, like your smart thermostat or smart sprinklers. There have been cases of hackers shutting off the air conditioning to overheat servers and therefore bring businesses to a halt.
Or, more nefariously, access control systems may be gateways into your other digital systems, such as your records. Hackers may get sensitive information, like credit card information for customers, or add malware to your filing system, once they get into the system. There are endless possibilities as to what a hacker can accomplish once they have access to your building and the company’s systems.
It is important to take steps to protect your access control system from hackers. Many of these things are simple and can be done by you or your access control system providers very quickly. Other things may take a bit more of an investment. Any of them might substantially increase the safety of your system.
Upgrade the System
The first problem that you’re likely to run into in terms of system vulnerabilities is that your old access control system was not built to be connected to WiFi. It may connect through DSL or dial-up, two connection types that are easy for hackers to take advantage of. Or, it may be connecting through WiFi but may not have the protections it needs to do so securely. There are many other ways that outdate systems may be out of date and therefore vulnerable to hacking tricks that many people are aware of
Technology moves quickly, so a fair bit of security is simply about keeping up. Old systems should be replaced, especially if they can no longer get software updates (or never did!) Buying a new system is an expense, but it is much better than leaving your system vulnerable.
Protect Data in Transit
When you walk up to an access control panel, you flash your phone or card, sending a signal that the panel receives. When that signal is out in the air, it can be picked up by hackers. That means that your system needs to protect the data while it is out there. There is also data transfer between the reader and the master console, and data transfer between these two parts of the system needs to be protected.
Encryption is the typical choice to provide this protection. Encrypted data is unreadable to those who might pick it up unless they can decode it (but this is very complicated.) Some access control systems will also have keys or apps that don’t store secrets so that the data is even more protected.
Update the System
All good access control systems should send out software updates, just like Windows and Apple send to your computer. As new security threats are developed, your manufacturer will automatically try to protect the system against them, writing new code that can thwart potential hackers. However, you won’t get the benefit of these updates if you have automatic updates turned off. Or if you don’t take the time to start the update process for systems that don’t have an automatic setting.
Sometimes your provider is responsible for updating the system. You will want to double-check this in your contract and then check-up on your provider every so often to be sure that they are installing any software updates your access control system needs.
Limit Administrator Privileges
Administrators are those people who have control over granting and denying access in your access control system. They are also usually able to see who the other administrators are and each individual’s level of access to the building. You should try to limit administrator privileges to as few people as possible. One person is always more secure than two, even if the second administrator is very high up in your company or has been with you for a long time.
Administrators can give someone access to the building and then revoke the access after the person has finished using it for their nefarious purposes. This way, they can create vulnerabilities in your system and even cover up that there was any unauthorized access or theft at all. Administrators typically also have the access that they need to install malware onto the system, which can cause many other problems in the other systems in your building too.
It’s important to know that administrators don’t need to have bad intentions in order to create vulnerabilities in your system. Well-meaning people can be tricked into installing malware or giving someone access to the building who may have bad intentions too. Plus, the more people responsible for removing former employee’s access to the system, the more likely it is to be overlooked, creating very serious security problems.
Set a recurring date, perhaps every six months, or some time frame that makes sense for your business, to go through administrator privileges and make sure that everyone who has them absolutely needs them. It is also a good time to review the access privileges of other people who interact with the system.
Talk to Your Provider
If you feel a little out of your element discussing security needs, that’s understandable. You’re an expert in your business, so you may not have time to learn everything about the digital world. You can work with access control system providers that have the security expertise you need to keep it safe. Protecting your access control system from hackers is a joint effort between you and the team at CLAD. We can help you make the changes you need or find a new system that will keep your business property and its assets and customers safe.