We have all watched our phone battery percentage switch to red and creep farther towards single digit numbers. Panic is about to ensue, but you glance over and see one of those handy-dandy public charging stations. You suddenly feel euphoric and want to hug the creator of such a thoughtful invention – but not so fast, you may have just handed all of your information, from passwords to selfies, over to a hacker who planted a little device inside the charging station.
A paralleling scenario can also strike targeting your Access Control system. Almost all readers lack a cryptographic connection between the card and the reader. What this means is an experienced hacker can simply pop off the face plate, add a plastic chip, and suddenly have control over who gets in, who doesn’t, and any personal information that may be in the system.
Unfortunately, both private and federal sectors are currently not protected from these intrusions. The Department of Homeland Security has yet to develop a strategy for dealing with these types of incidents, which also includes protecting their very own federal facilities. Most federal facilities have access control systems, elevators, electrical power, and ventilation that are all connected to each other on a network. Any of these structures and their connectivity make a location vulnerable for attack.
The potential of insider threat is equally if not more threatening than outsider harm. Employees on the inside are trusted to work beside you and have access to passwords, personal information, private company information and processes readily available. Disgruntled employees, hired subcontractors, or those with personal motives are not to be forgotten when considering your cyber protection plan.
For now, the DHS has stated that they are working to develop a strategy for addressing cyber threats as they relate to access control systems. After comprehensive review it will issue guidance on appropriate measures. Until then, we recommend the following three easy ways to protect yourself and your organization:
1. Put all of your security systems on a designated separate network to greatly reduce potential entry points.
2. Change your passwords frequently and increase their complexity. It sounds simple, but this is one of the easiest ways for someone to have unwarranted access if not taken seriously.
3. Ensure employees are aware of common hacks going around and make certain your organization is utilizing anti-virus software on their computers.