Blog | Boon Edam United States

Cyber Risk Management Planning: Are You Missing Something?

Written by Greg Schreiber | May 21, 2018 10:18:00 AM

You’ve probably already done a ton of preparation to harden your organization against breaches. This could include creating firewalls on your network, applying network patches, establishing an information security policy, training your employees not to open phishing emails, implementing strong access control measures, setting up a strong password system, and more. Overall, you are feeling pretty good about your company’s cybersecurity strategies and overall cyber health. With all the work you’ve done, what could you still be missing?

Despite all of those efforts, your digital data and assets could still be vulnerable to a data breach: the wrong people could be gaining access to your facility with the intent to do harm. If a bad actor gets into your facility, they can simply plug into an IP port or walk out with a laptop or server and thereby get access to your entire network.

Consider this: do you know each person, employee, contractor and vendor who is in your facility right now, and why they are there? Despite all of the data security controls that you put in place, insider threats – people who have physical access to your facility, such as employees, former employees, contractors or business associates – can be your greatest weakness. As an example, in the Target data breach, the attackers backed their way into Target's corporate network by compromising a third-party vendor, a refrigeration contractor. A lack of physical security met a lack of cybersecurity, and the effects were disastrous.

Security Entrances Safeguard Against Social Engineering

Physical security systems that are breached, such as the entrances into your company, are where a hacker can begin to work, leading to data breaches of epic proportions. These can negatively impact not only your company’s short-term profitability, but basic business continuity and the image of your brand as well.

State-of-the-art security entrances can help your organization to be both physically secure and cybersecure, and are an effective way to ensure that only authorized people are entering your facility, while also improving traffic flow. They also can replace or reduce the need for security officers at entrances. This is more important than you might imagine: while a professional guard may seem like the best form of entry security, the fact is that one of the most common forms of hacking is to fool security guards into allowing the hacker onto the property, where they can plug into systems or steal hardware. It even has a name: social engineering. Jayson E. Street, a well-known speaker on cybersecurity and former (one hopes) hacker, is quoted as saying, “I don't have to bypass your firewall if I can bypass your receptionist.”

Security entrances that are integrated with access control solutions and multi-factor authentication are ideal solutions to decrease the possibility of an intruder infiltrating a building. With two-factor authentication, a potential cyber (or other) criminal would have to get around two different forms of security, greatly compounding the challenge of breaking in.

Security entrances come in different shapes and sizes and with different capability levels. They provide for a range of assurance levels, from models designed to support guarded entrances all the way up to very high security levels that are effective even when unstaffed. Physical form factors range from waist-high turnstiles for controlling high volumes of traffic to full-height turnstiles, optical turnstiles, security revolving doors and mantrap portals that make it close to impossible to tailgate into your facility, with sensors that recognize shapes, size and volume and stop entry.

Best Practices for Cyber Risk Management Planning

Since today’s security entrances are themselves connected to the network, it is a cybersecurity best practice to ensure that they are well hardened to prevent their operation being compromised by cybercriminals. You should also limit access to the software that controls the security entrances and change network passwords frequently.

Another best practice is penetration testing, a commonly used and effective way to test your company’s cybersecurity. Penetration testing is an authorized simulated attack on your network to find any weaknesses, including the potential for unauthorized parties to gain access to your system.

Security entrances are an effective way to reduce your liability and the risks to the personal safety and security of staff, visitors, and anyone else in your facility – as well as your company’s network, servers, and data.