Thursday, August 28, 2014

How Automated Key Control Can Protect Your Data Center

Modern data centerWith the string of data breaches among popular retailers during the past year, businesses are aware more than ever of the importance of cyber security.

However, one issue that hasn’t received much time in the spotlight lately is that if you take measures to protect your data against an online breach but fail to make sure your physical data center isn’t secure, you’re still susceptible to a data breach. After all, even data stored in the cloud resides in a physical data center.

Whether you store your data in a self-managed on-site facility or outsource it to a data vaulting vendor, you need to take adequate steps to protect the hardware containing your data against physical intrusions.

Restrict Access to Data Center


The Corporate Compliance Insight blog relates an account of a software company that went out of business after its backup tapes and a server containing all its database data were stolen. Over the weekend, thieves had jimmied the lock to the double front doors through a gap in the entryway. They simply entered the data center, which had been left propped open to provide better temperature control.

This company’s experience demonstrates that in the same way you encrypt data to deter cyber attacks, you need to ensure that the physical area in which your racks are stored is protected by secure door locks and make sure doors remain locked at all times.

Implement Rack-Level Access Controls


Data center security breaches don’t always happen after hours. One of the easiest ways to gain unauthorized access to a data center is by tailgating, where a visitor follows an employee into the facility.

For an additional layer of security, consider implementing access controls at the rack level. If you store your data at a colocation center that manages data for multiple clients, be sure you’re aware of how they secure the rack space containing your servers.

Take Precautions Against Insider Theft


In 2013, insider data breaches rose 80 percent as compared to 2012. To protect your data against physical security breaches, secure keys in a high-security electronic key control system that can restrict key access at both the user level and key level.

For example, some key control systems control user access through features such as fingerprint readers for biometric authentication, dual login requirements, motion-activated security cameras and manager-defined user permissions profiles.

At the key level, many electronic key control systems will sound an alarm or send a text or email alert if an employee attempts to remove a key they’re not authorized to have. Other systems, such as the KeyTrak Guardian, can even physically lock down keys so only authorized employees can remove them.

Use Automated Key Control Reporting


When performing routine physical security audits, key control logs are essential to determining how keys are being used and identifying potential security issues. Using an electronic key control system can automatically produce a 100 percent verifiable audit trail. This eliminates the element of human error that’s inherent in manual key control logs.

Automated reporting is also useful in that you can choose to receive an email or text alert in the event of a security breach, at which point you can run the necessary reports to investigate the issue.

For more physical security best practices, read our post "The Four Layers of Physical Security."

Wednesday, August 20, 2014

Prepare, Don't Panic

Panicked. 

It’s the best way to describe how you feel when you walk into your business and discover there has been a break-in. You’ve just lost your sense of security, valuable time and hard-earned money.

Prepared. 

It’s how you can feel if you take some steps to secure your business before it’s too late. This comes from implementing the appropriate physical security, installing an intruder alarm and having an electronic key control system.

Electronic key panelIf you use manual key control like a pegboard, you would be right to panic at the sight of a break-in. However, with an electronic key control system, you’ll know your valuable keys (and more importantly, the valuable things they unlock) are protected. You’ll be glad you prepared ahead of time.

If your intruder alarm doesn’t sound, the break-in might have come from an employee with access to enter the building. As you move forward with the investigation of the break-in, you can check your electronic key control system’s records. If it turns out the break-in occurred because an unauthorized user gained access to a key, you’ll be able to track down the last authorized user who had it and determine if they misplaced it.

The system automatically records all key activity, including when the key is removed, how long it’s out, when it’s returned and who checked it out. If a key is checked out for a suspiciously long time, you’ll know exactly who to approach about the situation.

A lot of businesses don’t realize the need for electronic key control until after a break-in occurs. But if you install an electronic key control system well ahead of time, you can be prepared and protected. Check out our website to find out more about electronic key control.

Tuesday, August 12, 2014

Museum Theft: The Inside Scoop

Eighty-eight percent of all museum thefts involve someone on the inside. This means the people you hope you can trust the most with valuable artifacts may, in fact, be the ones you have to scrutinize most closely.

The Silverton Museum in Oregon learned that lesson the hard way when two antique watches went missing without any sign of forced entry.

A contributing factor to the theft was the fact that nearly 15 volunteers had access to the keys for the first watch's display case. Moreover, the second watch's display case didn't even have a lock. When the watches went missing, there weren't any clear indications of who might have opened the showcases.

Key shining in gold lightThe museum can't ignore the need for tighter security now. The first step in tightening security would be putting locks on every exhibit. This small action would go a long way in securing valuable historical pieces and deterring any potential thieves.

Next, the museum would need to find a way to ensure responsibility among their employees and volunteers. One way to enforce accountability is by using an electronic key control system.

With an electronic key control system, you can give each user a different authorization level. Instead of providing volunteers access to every display case key, you can limit access to only the specific key that a volunteer needs.

Key control systems also create an automatic record each time someone checks out a key. If a theft does occur, an electronic paper trail will lead to the last person who had the keys. Even if they aren't responsible for the missing item, they might know how someone gained access to the keys that were in their possession.

Check out this post for more benefits of electronic key control.

Wednesday, August 6, 2014

Access Levels Could Have Prevented Theft of $460,000

Pile of quartersThomas Rica, a former employee of Ridgewood, NJ public works, was recently convicted of four counts of theft.

Rica lost his job as public works inspector for Ridgewood when it was discovered that he stole $500 in quarters from the meter collection storage room. However, a further investigation revealed that he had actually stolen $460,000 by pocketing quarters a handful at a time over a period of two years.

Now Rica will pay an initial fee of $69,000 to the village of Ridgewood as well as $2,000 per month for the next five years. He also lost his pension of $30,000 for his 10 years of employment. Along with these punitive measures, Ridgewood has taken steps to protect its assets and avoid similar situations in the future.

However, Ridgewood might have been able to prevent this crime from ever happening by simply using an electronic key control system with access levels.  Just looking at how Rica got to the coins in the first place reveals the problem: Although his job didn’t give him any reason to be in the meter collection room , Rica used a master key he was given “due to the nature of his position” to repeatedly gain unauthorized access to the room.

When using an electronic key control system with access levels, managers can determine which keys employees are authorized to use. That way, individual keys are checked out based on need, rather than just giving upper-level employees a master key. If anyone takes a key outside their authorization level, some systems have the capability to sound an alarm, send an instant text notification to the manager or lock the key down altogether.

Even if an authorized employee tries to steal assets using a key they have permission to use, the electronic key control system tracks and reports user activity, producing a verifiable audit trail that makes it easier for entities like Ridgewood to catch thieves.

To read more about how key control and access levels can track employee behavior and help prevent theft, check out our post “The Four Layers of Physical Security.”

Monday, July 28, 2014

Careless Key Control in Alcatraz and Indiana

Alcatraz, the most famous prison in the U.S., saw multiple escape attempts while it was open. Though no one succeeded, it's amazing more people didn't try, given the lax key storage. The key box pictured below clearly offers little resistance to resourceful prisoners.

Small box holding Alcatraz's keysFortunately, the key control standards of today are much higher. But even with the advanced key control technology that currently exists, sloppy key management still occurs.

For example, the largest prison in Indiana had to change every lock in its facility due to missing master keys. Not only are such mistakes costly ($53,000 in this case), but they also put lives in danger.

To prevent key control mishaps, consider using an electronic key control system that enforces accountability by automatically recording transaction information when a user requests a key. These systems record the employee's name, the date, the time and the key that was requested. If a key goes missing, you can use this information to quickly identify the last person who checked it out and resolve the issue immediately.

You can also set up text or email alerts to be notified immediately of missing keys, rather than finding out after the weekend has passed, like the warden at the Indiana prison did. If the checkout time of a key exceeds its limit, you'll know right away and can approach the guard who last requested it.

Has your prison experienced any additional benefits of electronic key control systems? Let us know in the comments.

Wednesday, July 23, 2014

Preventing Insider Theft: How to Keep Your Cars From Being Stolen Straight off Your Lot

A man in a mask breaking into a carSeveral car dealerships at an auto mall in Daytona Beach, FL are re-evaluating their security and staff accountability safeguards due to the weekly disappearance of cars from their lots.

During the investigation, police found that the problem resided in poor key control practices. They determined that the thieves most likely had easy access to keys (which pointed to an inside job).

With 500 employees working at the auto mall, the dealership realized that nailing down the culprits wouldn't be an easy task.

Keeping track of employees' access to keys at your dealership — especially when insider theft is becoming an issue — can be a daunting task if you don't have an automatic, verifiable system in place to help you.

By storing keys on a traditional pegboard or inside a desk drawer, you're giving personnel unlimited and unmonitored access to every car on your lot and therefore can't hold your staff accountable. However, with an electronic key control system, you can easily and quickly identify (and deter) dishonest employees.

Automatic key control systems only allow personnel with valid passcodes, proximity cards or fingerprints to check out keys, creating a verifiable record that you can use to track employees' key activity. You'll know when an individual took a key and returned it, making employees more accountable and less likely to use keys for criminal purposes.

To prevent key control related theft at your dealership, learn more about the benefits of electronic key control.

Thursday, July 17, 2014

The Four Layers of Physical Security

Icons representing various types of security
Businesses are constantly at risk of theft, particularly when their physical assets aren't fully secure.

The best way to keep thieves at bay is to break down security into four layers: deterrence, access control, detection and identification.

To help you protect your property and prevent theft, here are four ways an electronic key control system can enforce all four of these security objectives. 

Deterrence


By placing your keys in a secure key control system made of heavy-duty materials like steel, you can help prevent criminals from gaining access to high-security rooms or assets. 

An electronic key control system that requires employees to log in by entering a unique password, swiping a proximity card or scanning their fingerprint will also make it more difficult for employees to commit internal theft. Some systems will even automatically record the times employees take and return keys, creating a real-time verifiable audit trail.

Access Control


Chances are you enforce some level of access control for your facility, but if you’re not monitoring who can access your keys and high-value assets, you could be missing a vital layer of security. By implementing a key control system to manage your business’s keys, you can limit which keys are available to users based on job function, time of day and even days of the week so you can prevent employees from accessing restricted areas and items after hours.


Detection


If you're currently using manual key control, such as a pegboard or lockbox, you have no way of detecting the exact moment a key has been requested by an unauthorized user or has exceeded its time limit. By implementing an electronic key control system, you can choose triggers to sound an alarm or send a text or email to the system administrator. Such triggers include unauthorized users attempting to access the system, overdue keys or a system drawer being left open for too long. By alerting you of any suspicious activity, your system is keeping you and your assets protected the instant they may be compromised.


Identification


Employee accountability only goes so far. By using a key control system with a video camera and biometric fingerprint reader, you can eliminate the risk of password sharing and identify who accesses the system.

Adding a motion-activated video camera to your key control system will allow you record any person who approaches the system, even if the person doesn't attempt to log on.

While a video camera can help you recognize faces, a fingerprint reader will distinguish individuals on a biometric level. The system will only unlock for a registered fingerprint from an authorized user and since no two fingerprints are alike, you’ll know exactly who’s accessing your system.

With an electronic key control system you can meet these four security goals, know where your keys are and make sure your business is protected.