December 11, 2019
Is Your Access Control System Really Secure?
Read Time / 5 min.
This blog post is part of a series of articles related to STANLEY Security’s 2020 Industry Trends Report. To download the full report, click here.
Did you know that your access control system could potentially be breached by a product that costs less than $20 and is widely available to consumers?
Unfortunately, it’s become easier and cheaper than ever before to defeat access control systems that aren’t secured by edge-to-edge encryption.
The industry has long been aware of these risks, but until recently, it was complicated and expensive for people to duplicate access control cards.
Not anymore. People are now defeating security systems with tools they find online.
Historically, the contactless RFID proximity cards common in most access control systems have used 125 kHz unencrypted communication. When unencrypted, these cards can be easily duplicated and used to access facilities and assets that were thought to be protected by physical security systems.
Now, key duplication kiosks at most home improvement stores have RFID proximity card cloning capabilities. You simply tap your unencrypted card, the machine will read it, then it spits out a duplicate of that card.
What’s more, older access control readers that use the Wiegand communication protocol can be compromised through processes like what criminals use to skim bank cards at ATMs.
We’ve seen some industries, such as the banking and finance sector, take a closer look at the security of these devices – requiring encryption not only on the cards, but encryption from the access control reader to the panel, panel to the server and server to the database.
However, for the most part, the majority of businesses – from SMBs to large enterprises – either aren’t aware or aren’t concerned with the risks they face.
That’s where security integrators come in. Integrators and other security providers play a major role in educating consumers on these risks and helping them take steps to protect against potential threats.
It took several high-profile data breaches to get businesses to pay attention to cybersecurity. We don’t want to see the same indifference toward physical access control – indifference that requires a high-profile security breach to occur for people to take notice.
There continues to be a heavy focus on cybersecurity – and rightly so – but businesses must be just as vigilant about their physical security. Breaching access control systems that secure data centers, servers and other infrastructure that’s critical to maintaining business data and finances could be just as bad as a cybersecurity breach.
This is why businesses must upgrade their access control technology and use encrypted credentials that can’t be copied. Edge-to-edge encryption is already available on most access control systems and, even better, it doesn’t cost significantly more when specified on a new installation.
Businesses just have to know to ask for it or have an integrator that educates them on the need for this newer encrypted technology.
Although defeating access control systems may be easier and cheaper than ever before, the solution to protect against these threats is just as simple.
Businesses can’t afford to wait until it’s too late; it’s time to take notice and take action. Talk to your security provider about protecting your business with encrypted access control technology today.
For more insights on the security challenges, opportunities and trends in the coming year, download STANLEY Security’s 2020 Industry Trends Report.