Most security integrators lack expertise in defending against cybersecurity attacks on a client’s network. That’s slowly changing, but for now, it’s difficult for integrators to justify the costs of training cybersecurity experts or to hire experienced experts from other employers. Integrators often rely on a client’s IT department for cyber issues.
However, that doesn’t absolve integrators from playing a vital role in protecting client networks with basic cyber hygiene. Here’s a look at six steps physical security integrators can and should take immediately.
Know what’s there – Providing network and systems integrity begins with an accurate inventory of what security devices are installed and where. Remove or disable any readers, cameras or other devices no longer needed and work with your client to upgrade aging infrastructure and systems. Don’t let forgotten security equipment become an entry point for hackers.
Change passwords – Robust passwords are the first line of defense protecting any network device from enabling a hacker to access company records and operational data. One weak password is all that’s needed for hackers to create data breaches and launch ransomware attacks. For installation simplicity, manufacturers ship products with passwords such as 12345678. Immediately following installation, integrators must create strong passwords combining long strings of upper- and lower-case letters, numbers and special characters. Don’t use words found in dictionaries or letters and numbers that are sequential on a keyboard. Then change passwords at least quarterly or anytime a disgruntled employee with widespread network access leaves the job. Also, create firmware passwords to prevent unauthorized resetting or rebooting of devices.
Update software – Hackers constantly look for ways to penetrate security devices’ operating software. Unpatched software is a leading factor in successful cyberattacks. When manufacturers locate potential cybersecurity flaws, they provide patches through software updates. Keep abreast of upgrades to security devices and upgrade client software as soon as possible.
Gain certifications – Top device manufacturers offer certification classes for integrators to ensure security equipment is installed and maintained correctly. These classes for technicians don’t have deep dives into cybersecurity. However, proper installation and maintenance leave less exposure for hackers. Also, many clients look for manufacturers’ certifications when selecting an integrator.
Encourage your technicians and project managers to pursue industry certifications offered by ASIS, the Security Industry Association and others. Certifications including the Physical Security Professional (PSP), Physical Security Certification (PSC) and the Certified Security Project Manager (CSPM) provide cybersecurity elements. SIA’s Security Industry Cybersecurity Certification (SICC) is aimed at a wide gamut of professionals, including lead service technicians and installers and project managers, providing them with a deeper understanding of physical security and cybersecurity convergence.
Use multifactor authentication – Certain areas of a facility, such as records rooms and security operations centers, require a higher level of security to protect valuable data. Adding multifactor authentication goes beyond an access reader and may be as simple as adding a keypad for authorized employees to enter a unique code. Better yet, installing and integrating a touchless facial or iris reader into the existing access control system dramatically increases security as, unlike a code, biometrics can’t be shared.
Migrate to OSDP – Open Supervised Data Protocol is the current standard for access control. It has become an international standard with the backing of SIA and the International Electrotechnical Commission. It’s time for OSDP to replace the 45-year-old Weigand protocol that offers no encryption between the reader and door controllers. Hackers can easily capture the Weigand signal and create a clone access card. OSDP, combined with modern credentials, provides secure end-to-end deployments with AES-128 encryption.
Also, OSDP is required for integrators working with organizations requiring the highest levels of security, such as the federal government and data centers. OSDP meets the requirements of the Federal Identity, Credential and Access Management (FICAM) guidelines for secure bi-directional communication. Also, the standard integrates with biometric technologies for multifactor authentication. It’s an integrator’s responsibility to help clients migrate to OSDP for greater security.
Three other quick cybersecurity suggestions include:
- Advise your clients to limit the number of users with administrative privileges.
- Users and programs should only have the necessary privileges to complete their tasks. (Principle of Least Privilege)
- Help clients develop a written presentation to raise employee awareness of cyber hygiene.
It’s the responsibility of today’s integrator to become more cyber-savvy. Our clients depend on us to support their IT departments and ensure the security function doesn’t provide an easy target for hackers.