Cybersecurity Best Practices for Security Entrances

Security entrances safeguard entry points at facilities across the globe from the risks and liabilities associated with unauthorized entry. However, as these entry solutions become more and more sophisticated, cybersecurity concerns start to develop. Security professionals are seeing the benefits of doors and turnstiles outfitted with IP connectivity, including the acceleration of technical troubleshooting and the gathering of valuable metrics data. However, while the ease of connecting remotely to any entrance in the building is desirable, certain precautions must be taken to ensure both the building and the network are protected.

IP Connectivity of Physical Security Entrances Has Strengths and Cybersecurity Weaknesses

Let’s consider just three cybersecurity best practices for ensuring your physical security entrances don’t become an easy entryway for hackers.

(1) Connect Entrances to the Security Network

Any device with connectivity to the IoT (Internet of Things) must have two pieces: an IP address and a network (that the device will connect with). With that said, a security entrance with an IP address must be connected to a network before the appropriate personnel can access the entrance data. Organizations must place the entrances on a network so that they are accessible by the appropriate personnel, yet not openly broadcast to the public.

To accomplish this, most companies utilize at least two networks: a corporate network where the majority of the company data is housed, and a security network where cameras, access control systems, security entrances, and the like are connected. While nearly all employees are given some level of access to files on the corporate network, organizations only allow a small group of individuals to access the security network. Those with access to the corporate network typically don’t even know that the security network exists, as it is not easily discoverable using their IP addresses.

Another thing to consider is whether the security network should be wireless or wired. For a wireless security network, IT professionals must use strong methods of encryption to ensure hackers cannot easily access it. Wireless networks are inherently harder to secure, so some organizations choose to have personnel access their security network through a hard-wired connection.

(2) Perform Third Party Network Penetration Tests

Once the entrances are connected to the security network and before that connection goes live, it is vital that a third party perform a penetration (pen) test. A pen test is a simulated cybersecurity attack with the goal of uncovering vulnerabilities before the experienced hacker does. Effective pen testing combines manual (human) and automatic (computer) attacks, and can take anywhere from a few days to a few weeks to complete.

Once security entrances are connected to a network, perform penetration (pen) testsA pen test is critical when connecting security entrances to the network for two reasons. One, a hacker might be looking for a way to physically infiltrate a building by bypassing a physical security entrance via the network. Or, two, they may see the security entrance as a bridge to the security network and, ultimately, the corporate network. Once the corporate network is breached, the possibilities are endless. Because of the severity of a network breach, pen testers recommend that testing be conducted on a regular basis – at least once a year, or whenever there is a major upgrade or modification to the network, like the addition of security entrances.

(3) Lock Down the Control Panel

Control panels give guards and reception staff the ability to manually open or close a security entrance with the push of a button. This seemingly unassuming device at the front desk can be a hacker’s easy avenue for getting inside the building and downloading sensitive data.


Each person with access to the control panel has a unique pass-code they must enter before given the ability to manipulate the entrances. It is critical that the operator of the panel log out of the device each time they walk away from the desk, even if they’re leaving for just a few minutes. At the close of the business day, it is a best practice to unplug the control panel and lock it securely in a cabinet – out of sight, and out of the hands of anyone looking to get inside.

New call-to-action

Kurt Measom
Kurt Measom serves as Vice President of Technology and Product Support and is part of our Enterprise Account Security Team. Kurt has been employed at Boon Edam for over 21 years serving in multiple roles including Vice President of Technical Services, Training and Quality. Over the past four years, Kurt has worked closely with our Enterprise Sales Team as an advisor for security solutions to many Fortune 1000 companies and is currently a Lenel Certified Associate. Kurt graduated from the University of Utah with BS and MBA degrees and currently lives with his wife and children in the Raleigh North Carolina area.