The use of IP-based access control solutions to manage employee comings and goings has dramatically increased in recent years. The Internet of Things (IoT) has added connectivity to an abundance of devices that better facilitate access which has users – and potential users – rightfully concerned about the security of these newer technologies.
Electronic access control, mobile and cloud solutions—as well as the variety of hardware devices added to a network to facilitate access control (such as readers, controllers and electronic locks)—can make a solution vulnerable to cyber threats and cyber attacks, and potentially compromise an organization’s entire network. It’s essential when choosing an access control provider and solution, that the manufacturer and installer emphasize cyber security for the whole architecture, from the server down to the reader, above all else.
Many of the traditional access control systems use the Wiegand protocol for communication between the reader and controller. Because it is insecure and unencrypted, Weigand leaves many systems vulnerable to attack. Despite using secured credentials, the sensitive info that is passed onto the controller can be tapped into over the Wiegand wire. A more cyber secure option is the Open Supervised Device Protocol (OSDP) which is the golden standard in the industry. OSDP is highly secured and encrypted making it harder for cyber attacks. It is also trusted by organizations needing the highest level of security. In fact, it meets the requirements of the Federal Identity, Credential and Access Management (FICAM) guidelines that guides how the access control industry does business with the federal government.
Using smartphones on a network-based access control solution might – and should – raise concerns about cyber security. Rumors continue to swirl that newer technologies like Bluetooth or Near Field Communication (NFC) are not secure. However, when properly set up and maintained, they are. Bluetooth and NFC are simply channels over which information is transmitted. Believing that Bluetooth is not secure would be like suggesting that the internet is not secure. In both cases, the security of your communication depends on the technology, protocols and safeguards put in place.
As access control has progressed, we’ve learned that certain older technologies (like magstripe and proximity cards) can be inherently insecure. When choosing smart cards for your access control solution, always pick the latest generation with the most up-to-date technology.
As alluded to earlier, your network is only as secure as the devices you attach to it. For access control, one of the most vulnerable cyber attack targets are traditional readers and controllers that facilitate your access control solution. Ensure they, too, are equipped with the latest in secure technology and that that technology is compatible with any smartcard you choose (because oftentimes they aren’t).
Today, there are electronic locks that need no wiring and little more than an internet connection to facilitate access control. Sounds like the perfect storm for a cyber attack – and it can be – but reputable electronic lock manufacturers have been hard at work engineering important security protocols like encryption and authentication into these locks to help prevent malicious cyber attacks (and unauthorized access). When choosing hardware for your access control solution, only select those manufacturers that have committed to extending protection against cyber threats all the way to the door.
Use these tips when evaluating access control providers to ensure you are choosing a product that offers the best in cyber security protection:
Cyber attacks on businesses cost billions each year. One poorly secured access credential can give cyber criminals the keys to your business – literally. The best way to protect your business is to make cyber security a priority when choosing an access control system and remaining vigilant, and never become complacent about the security of your security.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.