As mask mandates lift and workers return to their daily commutes to the office, it might be time to refresh and revamp your cybersecurity and physical security systems. Cybersecurity is a top-of-mind issue as the annual cost from cyber crime damage is predicted to reach $6 trillion and counting. However, combating cyber risks is only getting harder as cyber criminals are getting more sophisticated and IT environments are becoming more complex.
The best defense to ensure a smooth transition from remote work to in-person work starts at your front door with your physical security platform.
To evaluate the cybersecurity of your physical security platform, ask your provider the following questions to make sure they build products, deploy applications, and manage their internal business in a way that keeps your company secure.
For example, while professional cloud-based solutions are designed to operate over public networks, systems originally designed for on-premise installation may lack precautions like strong hardware security and secure data transmission to the system server.
Network devices can be entry points for malicious attacks when they require open inbound ports and allow unauthorized inbound communication.
Make sure your platform reduces your “attack surface” by eliminating the need to establish open inbound ports. Additionally, ensure that the platform prevents malicious attacks with bot monitoring and other security techniques for self-detection. Transitioning to mobile credentials prevents keycard duplication, which can arise in the transition back to the office. For control panel authentication, a unique digital certificate should be issued for each control panel during manufacturing. Finally, make sure your platform offers a higher level of device communication security, like 256-bit AES encryption (the same level of encryption used in banking) with Transport Layer Security (TLS) 1.2 or higher.
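One way to spot-check the last requirement against an endpoint you operate or subscribe to is sketched below. It is an added example, not code from the article or from any provider; the function names are hypothetical and the hostname is whatever you pass on the command line.

```python
import socket
import ssl
import sys

# TLS versions that satisfy "TLS 1.2 or higher", as reported by SSLSocket.version()
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def negotiated_params(host, port=443, timeout=5.0):
    """Connect to host:port and return (tls_version, cipher_name, secret_bits)."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return tls.version(), name, bits


def policy_findings(version, cipher_name, secret_bits):
    """Return the reasons a session misses the baseline above (empty list = pass)."""
    findings = []
    if version not in ACCEPTED_VERSIONS:
        findings.append(f"protocol {version} is below TLS 1.2")
    # OpenSSL names AES-256 suites "...AES256..." (TLS 1.2) or "TLS_AES_256_..." (TLS 1.3)
    normalized = cipher_name.upper().replace("_", "").replace("-", "")
    if "AES256" not in normalized or secret_bits < 256:
        findings.append(f"cipher {cipher_name} ({secret_bits} bits) is not 256-bit AES")
    return findings


if __name__ == "__main__":
    # Usage: python tls_baseline.py <hostname> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: tls_baseline.py <hostname> [port]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    version, cipher, bits = negotiated_params(host, port)
    problems = policy_findings(version, cipher, bits)
    print(f"{host}:{port} negotiated {version} with {cipher} ({bits} bits)")
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

The result describes the single session this client negotiated, so a pass does not show that the server refuses weaker suites offered by other clients.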
The best providers deliver 24/7 monitoring on a network with a multi-layered security model to provide redundancy, business continuity and risk management. Without proper support and active monitoring, you could face security breaches and costly service disruptions, especially for older systems. Ask your provider if the application is deployed in multiple redundant data centers to make sure the building is protected. Have active cyber defenses and a documented response plan to make sure deployment and support happen without a hitch. Ask if current applications are analyzed on a regular basis to determine their vulnerability against recent cyber attacks. Applications should also feature two-factor authentication and enable automatic software/firmware updates.
For cloud providers, it’s necessary to go beyond the features and accreditations provided by the data center (AWS) and look at the certifications delivered by the application provider. Providers need to limit internal employee access to their data center as well as key areas like backup storage and server rooms to protect your data. Make sure your cloud provider provides evidence of third-party audits and vulnerability tests on software, hardware and internal processes. The platform should get an A grade in Qualys SSL cloud security and compliance tests. The platform should also provide a service level agreement (SLA) guarantee for platform uptime. Finally, the platform provider should have strict internal personnel policies like monitoring what data and equipment internal employees can access.
Making sure these processes are up to date can ensure a smooth return to the office for your employees, especially your risk management, security and IT teams.