By Imran Anwar
FBI has reported a 400% increase in cybercrime reports during the COVID-19 pandemic. Cybersecurity has become a big challenge for business owners while they try to keep their business running amidst the lockdown. The access control system is your first and final line of defense against cyberattacks carried out with the intent of gaining unauthorized access to the workplace.
Access Control and Cybersecurity
Right now, most organizations are working remotely or in shifts. Cybercriminals or disgruntled employees can take advantage of such times. Someone may try to steal your company’s vital information through MITM (Man in the Middle) attacks, a hacking technique in which the attacker secretly relays and possibly alters the communications between two data endpoints such as a card reader and key card.
Cybercriminals can also send phishing emails and malware to hack into your company server from where they can break into your on-premise access control system, enter the workplace, and walk away with physical or digital assets without you knowing it.
Are Key Cards Cyber-Secure?
A couple of years ago, a couple of scientists discovered a major vulnerability in hotel key cards that could have been exploited by intelligence agencies, thieves, and other criminals to gain access to rooms and cause further damage.
It is estimated that 80% of all key cards being used to control access to workplaces can be hacked or copied. All card readers run on Wiegand interfaces, a 1980s technology that even a complete idiot can easily hack by following commonly available online tutorials.
Electronic locks that need no wiring and only an internet connection to grant access can become the target of a cyber attack when the data communication is not secured by end-to-end encryption.
How Secure is Smartphone Access?
Smartphone-based access control solutions that run on company networks should be a cause of concern for cybersecurity teams. These systems make use of Bluetooth HID or NFC channels to relay data, which can be hacked unless secured with encryption.
Your network is only as secure as the devices attached to it. To be cyber secure, your access control system should offer endpoint security to prevent hackers from sneaking into the network by hacking someone’s phone and manipulating access control.
Requirements of a Cyber-Secure Access Control Solution
A cyber-secure access control system should provide protection against threats at all vulnerable points, which include data and application storage, access control devices, and the channel through which data is transmitted.
Data and Application Storage
Access control systems that store information on-site and work on your organization’s internal network are a big hassle to manage and a looming security risk. Thanks to cloud computing, modern access control systems are virtually impregnable and effortless to maintain. The backend is fully secured and managed through Google, Amazon, or other reputed cloud servers, so you can sit back and relax.
Using a simple mobile or desktop interface, the security team can grant or revoke access to any user to any particular section of the building or office. The cloud offers enterprise-grade security and trouble-free management and mitigates the risk of data loss, hacking, malware, and physical threats.
Access Control Devices
Key Cards: Most RFID cards can be duplicated in a matter of minutes using $10 devices easily available on the market. HID and NFC cards can be copied to phones. There are access control companies that claim their cards are cyber secure because they use 128-bit AER encryption, TLS, and PKI security. However, cards or fob access looks outdated with the advent of mobile and face recognition access control.
Smartphones: Smartphone access is a better choice from the cybersecurity standpoint. However, bad guys can steal or hack smartphones by using malware or even USB charging cables at public phone charging points. Theoretically speaking, someone can steal user credentials and clone them into another device to illegally enter the workplace.
Face Recognition: Facial recognition-based access control systems provide a better solution to cyber threats. Fraudsters may still be able to beat the system by wearing masks, but it would be like Mission Impossible.
Smart Locks: Cnet reports that out of 16 different Bluetooth enabled locks were tested at the Las Vegas-based hackers convention, 12 had inadequate BLE security. So, yeah, they can be hacked unless your access control solution provider has done a really good job at encryption.
Bluetooth, NFC, and HID: Bluetooth has several known vulnerabilities that make it as secure as a padlock made from pizza dough. NFC and HID are no better—they are just channels that you have to make secure by encrypting the data stream.
LAN/WAN: Access control systems that run on internal networks are not cyber- secure at all. WiFi networks are easy to hack. There’s always a risk of data theft or the server crashing or network glitches that make the system unusable.
Internet: Cloud-based systems with robust transitory and endpoint encryption make the data stream impossible to crack. However, users should make sure their internet connection is secure.
Face recognition based access control systems offer better protection against cybersecurity threats; not only because they use cyber-secure components and encryption, but also because they allow you to monitor and record everyone who’s entering the workplace or accessing its different sections. Moreover, you can implement two-factor authentication based on face and mobile credential to eliminate the risk of unauthorized access. Face recognition access control also adds video surveillance and video intercom functionality to the workplace without incurring the extra expenditure. And speaking of expenses, most cyber-secure access control systems are available for a pay as you go pricing model and require a minimal upfront investment.
Author the Author
Imran Anwar, Staff Writer. Imran Anwar has 10+ years of professional writing experience in technology-related topics including digital marketing, cloud computing, SaaS, mobile apps, artificial intelligence, IoT, face recognition, and building access control systems. As a Staff Writer at Swiftlane, Imran focuses on creating useful content pieces for blogs, case studies, white papers, and user guides. An outdoor enthusiast, Imran likes to garden and spend time with his family when he isn’t writing about access control and touchless technology.