Helping Security Directors Sleep at Night

Taking a positive role in how security is managed

Every day the news bombards the public with the newest security breach: stolen identities, intellectual property breaches, unauthorized access, active shooter situations and more. The list of threats is endless. Security directors of companies large and small have their work cut out for them trying to keep their employees, assets and buildings safe from harm. Threats come in all shapes and sizes, and can be found outside and inside an organization. They can be physical in nature, such as a terminated employee returning to a job site to hurt the person who fired them, someone stealing cooper tubing from a fenced in area or a terrorist attack.

With all these overwhelming threats, it is a wonder a security director sleeps at all.

Each security director deals with his or her unique security requirements and factors surrounding their business the best way they can, with the resources they have. The type and size of the business play a large role in how security is managed. Often, several systems must be integrated to run and secure a company efficiently, creating even more challenges. Let’s examine three situations that might keep a security director up at night and how to improve those processes.

MANAGING VISITORS

Three types of identities enter an organization each day. Employees, who are vetted with background checks prior to being hired, are considered the safest identities within a building.

Next are contractors, who may or may not be vetted via a background check, depending on the type of business. Contractors are considered semi-safe. They have access to limited areas and are free to roam about those areas. When their work is finished, their access cards are terminated.

Then there are visitors, who are the riskiest of all. Organizations do not know anything about the visitors who enter their buildings. They could be customers, students, patients or tourists. They could have a police record, be on a terror watch list or be an angry spouse of a woman working on the 8th floor. Daily visitors pose the biggest threat to organizations.

How can a security director better manage the daily influx of visitors?

They can start by implementing a web-based visitor management system that actively engages all staff to help pre-approve and vet guests. If an employee is expecting a guest, they can enter the guest into the visitor management (VM) software.

The VM software will not only notify the security staff that a guest is arriving, but it will send the guest a welcoming email. The email could include directions to the company, a map, and instructions about where to park or how to use the VM system upon arrival. Once the guest arrives, they can speak with the receptionist who will acknowledge them in the VM system and issue a guest pass. They may also perform a self-check-in at a kiosk or free standing tablet, or use a barcode or QR code that was sent to their phone.

The important factor here is that the guest is pre-approved by a trusted employee acting as a host. The VM system knows who the guest is, who they are visiting, what time they arrive, the reason for their visit and most importantly, that they checked out and their access to your assets has been removed.

If there is an issue with a guest, for example, they are a past employee who was recently terminated, that information would appear to the employee managing the visit. The VM system knows who are former employees, and also generates a do not admit and/or watch list.

A guest appearing on a do not admit list would not be allowed in the building. The web- based system manages all visitors, contractors and staff access rights from a single interface that can either stand alone or integrate with the PACS to deliver tight policy control, accountability and ultimately better security.

UNAUTHORIZED ACCESS

Power companies often have several small unmanned substations located in remote areas. If the wrong person gains access to an unmanned, or even a manned, substation, the potential for catastrophe is high. One unauthorized person can wipe out the power for hundreds of miles, causing chaos on the highways, local businesses and disrupting thousands of homes. Not to mention what a crisis could do to a power company’s brand, facility or intellectual property.

Creating policies and procedures to help manage access is critical. Setting policies such as a use it or lose it rule can help control access. For example, if an identity has not used their access card at a particular door, such as an unmanned substation for a month, the identity should automatically lose access rights to that door. Setting strict timeframes tightens security.

Software that provides robust identity and compliance audits and reports goes a long way to track employee attempts to access specified areas after hours and identify possible unauthorized access. Research shows that security breaches derive from internal employees as well as outside an organization. Breaches can be inadvertent or intentional. An Identity Audit and Compliance (IAC) system manages physical access and integrates it with back-end or building systems, such as IT or human resources, to allow an organization to manage a person’s identity throughout their employment.

Automated IAC systems managing physical access and policy information provide better controls, smoother on-boarding and off-boarding, give new employees proper access to areas or digital assets they may need, as well as revoke access when the person leaves the company. This eliminates a security team from manually removing access from each separate system, which is time consuming, errorprone and inconsistent.

With an IAC system, organizations can define policies and procedures, create an audit trail of events and eliminate miss-steps that lead to unauthorized access.

TERMINATION

The security director of a large bank once shared his concern over improper termination procedures. When an employee is terminated or leaves voluntarily, how can a security director be sure they are truly terminated in all systems? Large banks often use several systems such as an access control system, visitor management system, PSIMs and different building management systems. Is there an easy way to manage this?

Installing a centralized web-based Identity Audit and Compliance system streamlines the administration of access rights across an entire organization. When an employee is terminated, the information is entered once in the web-based system.

A workflow process can be adopted for administrators to configure employee access and termination status that will automatically filter through to all systems.

A web-based system eliminates miscommunication, and replaces manual and paper-based approval, change and audit processes. No paperwork is needed, and an audit trail proves the person was terminated in all places.

Implementing automatic revocation rules also help ensure employees are terminated.

Automated quarterly audits enforce managers to review employee access rights and make necessary changes. The more often the audits occur, the more secure a facility is. All departments become involved, ensuring better safety for everyone.

Security directors must deploy the best technology available and enlist the help of employees to effectively manage visitors. Companies must align their security protocols with their organization’s policies and procedures to enforce operational effectiveness. An Identity Audit and Compliance system helps an organization develop an audit trail of events, reduce manual errors which can result in unauthorized access and security breaches, and streamline access rights to ensure employee access is properly terminated throughout all company systems.

This article originally appeared in the March 2016 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.