Whether you have a building that has successfully used the same access control protocols for years or one that needs change, this coming quarter of 2019 is a good time to consider reassessing the system and procedures you use. Critically, if you are not using any form of access control, consider adding it as part of your security plan sooner rather than later.
Having a solid access control system and policies in place will help keep your occupants, assets, and property safe by ensuring secure access for the right people to the right segments of your property.
Sitting next to surveillance and maintaining a human presence on-site, a system of electronic access control completes a triad of safety, and will be designed to take into account the design of the building, any complementary security systems, and training for those who will use it. Following are three things to think about when working with a security integrator to design and implement electronic access control on your properties.
1. Setting Access Levels
Borrowing a page from the “Zero-Trust” doctrine of info-sec administrators, it is important to think with the mind of the potential aggressors you are implementing the system to protect yourself against. There will be people who simply do not need access to all levels of a building, and before deciding who should have what level of access, the building itself should be examined to determine points of exposure.
It can be useful to take a map of the structure and break it down into zones of different colors according to the access or security level needed. Then you can decide who can have access and associate time and date restrictions to those identities.
It will generally make sense for the majority of employees to enter and exit through a single point of entry, so as to more easily monitor who is in and out of the building. From there, branch out and look at the rooms inside. Set a protocol in place to make sure everyone has the right level of access for their needs, but nothing more. Modern systems will create a “digital fingerprint” for each person granted access, able to track their movements and any times they accessed specific areas.
2. Audit Access
A common trap to fall into is an over-issuing of key fobs or cards over time. As people report losing cards or forget them, it is often simplest to issue another right then and there. Of course, this creates significant security concerns overtime with duplicate access cards potentially being available for malicious use. To manage this, facility admins must either audit the system regularly or set automatic time-out features to the cards.
These features could include:
-Access denied if the card has not been used within a set amount of time
-Self-expiration of the card
-The direct connection of the card to a database that will be managed personally or by an administrator
In the event that third-party employees require access, a separate database can be created. Using a specific search term for these contractors will differentiate them within the database.
3. Perform Periodic Testing and Protocol Assurance
Just like any other electronic system, regular testing and updating of drivers is necessary. Security flaws are repaired through patches by the vendor, and if you fail to update, the potential for threat actors to take advantage of that failure exists.
Furthermore, without the assurance of procedures and protocols surrounding the use of these systems, their value is greatly reduced. For instance, a simple but popular method of building intrusion called “tailgating” relies upon our social tendency towards politeness over security assurance. In this attack, the threat actor simply follows closely behind someone accessing the building and relies on them holding the door for them.
This is actually one of the most difficult to control threats to an access control system due to its simplicity and zero-tech approach. Having multiple layers of security, man-traps, and other fail-safes massively reduces the success rate of “tailgating”. Protocol should assume anyone who cannot present a card or other provided identifier to be a potential threat.
Security Technology of South Texas is happy to offer
custom access control and surveillance solutions to the
business security market, designed either turn-key and from the ground up,
or integrated into an already existing series of cameras and access control
Please contact us through email at email@example.com
or by phone at 210-446-4863 24/7 to schedule a consultation.