News reports increasingly feature stories of companies from all over the world that have fallen victim to cybercrime, costing the business millions and leaving a damaging mark on their reputation. Tim Northwood, General Manager at Inner Range blogs about how you can help protect your organisation.
Getting the basics right
In a previous blog ‘Does your access control system offer robust cyber security too?‘ we looked at how important it is to have a strong foundation in your defense against an attack – considering both real and cyber scenarios. That means getting the basics right including:
- Firewalls and countermeasures reduce the risk of attack, such as malicious code designed to manipulate applications to modify, steal, delete or simply access secure or sensitive data system.
- Sandboxing isolates third party applications integrated with your core access control, such as video management systems, ANPR or visitor management systems to prevents malware from negatively affecting your system.
- Network secure communications mitigate the risk of interception by cyber criminals by deploying a robust level of end-to-end encryption across your entire network including access control system controllers, servers, door modules, and third-party products such as CCTV.
- Module substitution risk reduction can be achieved by ensuring devices connected to the access control system have their own MAC addresses.
- Stable network with failover protocols reduce the risk of vulnerable down time.
- Fine grain permissions for users allow you to create completely bespoke access credentials for each member of staff and visitor ensuring they can only access the correct areas and systems.
- A forensic audit trail covers every single action and engagement with the access control system, which means security managers can see exactly who has done what to the system and when.
Once you have these measures in place, remember to document all processes, procedures and guidelines to ensures all procedures are followed routinely.
Induct new security staff with your information security program as soon as they join and give regular refreshers to existing employees so they understand how even well-intended actions can create cyber risks.
If the worst happens
If your organisation suffers a cyber-attack, a disaster recovery plan will allow you to recover lost or corrupted data and get all your business-critical applications restored. The crucial component of any disaster recovery plan is that it needs to be tested quarterly, so make sure it’s more than just a document.
You’ll expose the systems and your organisation to a much higher risk of failure in the event of an attack if you don’t test your plan on a regular basis and prove it works as expected.
Evolving with the risk
It’s estimated there will be 30 billion devices connected to the internet by the end of this year, including computers and laptops, tablets, mobile phones, smart watches and web cams. Smaller devices tend to be more vulnerable to cyber-attack and there’s potential for criminals to cause chaos by targeting the large numbers of people who use these.
Ransomware, malware, phishing and social engineering are the most common cyber security threats to your business right now – and there are others are evolving at a rapid rate. Whatever new solution you design, someone will eventually work out how to hack it, so you need to stay one step ahead.
One emerging risk is cryptojacking, the secret use of your computer to mine for cryptocurrency. This sophisticated technique allows criminals to mine your computer from a web browser, rather than a downloaded program.
State-sponsored hacking is also on the rise. Large, long-term projects can steal commercial information, or even hack critical infrastructure organisations in other countries.
Investing in cyber security
The business case for investing in cyber security is clear. Cyber attacks can affect any organisation, at any time. Attacks can cost companies millions of pounds, cause chaos and do irreparable reputational damage. Nobody is immune to the growing risk, but it can be managed with serious preparation and ongoing vigilance.
There is plenty of equipment out there to help you build a security system with robust cyber security capabilities – but that’s only part of the solution. You need to recruit cyber security professionals to manage that system and advise on ever-changing or emerging threats. Investing in our people and training up more cyber security professionals will be just as crucial if we want to prevent the dangers of cybercrime.
For information about Inner Range’s intelligent integrated access control and intruder detection systems, visit innerrange.co.uk or contact 0845 470 500 and email@example.com