Monday, December 4, 2017

Is Poor Key Security Scaring off Tenants?

Agent giving keys to tenant
Having a list of amazing amenities and well-maintained units is great for attracting new tenants to your multifamily property, but what they see on the surface might not be enough to get them to renew once they've experienced how your property is managed.

If you're not doing enough to keep your tenants and their property safe or to provide them with good, efficient service, they could be looking for somewhere else to live when their lease is over.

Here are a couple tips for making your property a place tenants want to stay.

Keep Tenants and Their Keys Safe


How you treat keys to your units plays a big role in providing both security and good service. If your key security is falling short, you're leaving your tenants vulnerable to potential thefts and violent crimes. Employees misusing keys can also be a problem. For example, a Seattle woman recently caught a property's assistant manager stealing cash from her apartment.

Your property needs a secure and efficient way to manage your keys. Whatever method you choose to keep your keys safe, be sure you have a way of tracking who has keys and when. Handwritten logs are one way to track keys, but an electronic system that automatically records that information based on login credentials would give you a more accurate and easy-to-manage audit trail.

Reduce Your Liability


Poorly maintained or nonexistent key security and access logs can leave you open to lawsuits. It can also send a message to your tenants that you don't care about their safety — or your own liability. In the event that an access incident does happen, such as an employee who used a key without a proper reason or authorization, you need to be able to respond.

By tracking every key and all access to your property, you can answer any concerns about access that a tenant might have and reduce your liability. With a key control system that automatically logs access, you'll have a verifiable audit trail to determine if an employee had the key at the time in question. Having access to this information will also help hold your employees accountable for what they do with keys when they have them.

Manage Packages Better


The winter holidays are here, and your office is probably already inundated with boxes and boxes of online orders piling up in a back room (or worse, in the middle of your leasing office). Your staff already has their normal daily duties, but now they have to keep track of who's been notified about their packages, if a package has been retrieved and who needs to be notified again — all on top of making sure packages don't go to the wrong people or get lost.

Consider using a system that easily tracks packages as soon as your office receives them. You should be able to quickly create a record of the package, scan its information and have the system automatically notify tenants via email or text message. Then the tenants must sign for the package, ensuring the packages go to the right people. this will keep you from having a pile of boxes disrupting your regular office functions during the holiday season.

Managing properties, especially multifamily communities, requires juggling a lot of different components. How do you keep your property running smoothly and your tenants happy?

Monday, November 27, 2017

Combine Cybersecurity With These Four Physical Security Tips

Office worker searching confidential information
Earlier this year, the ransomware virus Wanna Cry encrypted more than 200,000 computers across the world. The Equifax data breach put 145.5 million Americans’ personal information at risk because an employee failed to apply a security patch. With high-profile incidents such as these, it’s easy to see why cybersecurity spends so much time in the headlines. While cybersecurity is important to protect your organization against a data breach, make sure you don’t overlook physical security — specifically key control. Follow these four tips to increase physical protection for your data.

Secure Keys to Areas Where Sensitive Data Is Stored


The Federal Trade Commission (FTC) recommends combining cybersecurity best practices with physical security guidelines, which are essential to protect against insider threats and social engineering. According to the FTC, you should store devices and documents containing personally identifiable information (PII) in a locked file cabinet or room, and use access controls for on-site data centers.

If you keep keys in a desk drawer or on a pegboard, however, that’s not enough to deter someone from gaining unauthorized access to files or devices. Storing keys in a tamper-proof electronic key control system rather than in an easily accessible area reduces your risk of a security breach.

Set up Access Levels


The FTC says to limit cabinet or room key access to employees with a legitimate business need. Employees should return keys as soon as they’re done with them.

Storing keys in an electronic key control system allows you to enforce these guidelines by setting up user profiles for various job functions and access privileges. If someone needs a key, they can only access the system if they’re authorized to do so.

Automate the Audit Trail


To improve employee accountability, it’s best to minimize the level of human involvement in your key control procedures. For example, say that your HR manager is in charge of issuing keys to locked filing cabinets containing confidential employee records. The manager maintains a spreadsheet of who has been issued keys and when, but there are a few problems with this method:

  • Someone has to remember to update the log.
  • It’s easy to manipulate data.
  • If a single person is managing multiple keys, they have to manually review the spreadsheet to determine if all keys have been returned on time.
  • It relies on a person’s trustworthiness and sound judgment. Someone could issue a key to an unauthorized user or use the key themselves for unauthorized purposes.

The benefit of using an electronic key control system is that it will automatically record data for each system transaction. If a key isn’t returned on time, the system will automatically send a text or email alert to the system administrator or sound an alarm. Additionally, the automatic audit trail gives you a reliable source for investigating the incident, and the accuracy of the data is less likely to be called in to question.

Be Cautious When Giving Vendors Keys


If it’s necessary to check out keys to a contractor or vendor, inspect their driver’s license to verify their identity. After checking out the key(s), print a copy of the key receipt and have each party sign. Ensure that the key grants the vendor access only to the areas they need to perform their job. You can also put a time limit on the transaction so you’ll be notified if the vendor has key for longer than they should.

Protecting your data requires a strong focus on cybersecurity, but you can’t afford to neglect security. For more tips, check our post “The Four Layers of Physical Security.”

Wednesday, October 25, 2017

How Key Control Reduces Employee Risk in Prisons

Correctional officer holding keys
With prisons struggling with overcrowding, it may seem reasonable to hire more correctional officers to help maintain the security of your facility. However, due to the stressful and demanding nature of the position, hiring new officers may not solve your security problems. In fact, as a result of understaffing, new employees are less likely to be vetted and trained properly, which can result in human error, unsafe work conditions and even corrupt behavior.

Correctional officers are responsible for controlling facility keys, equipment and weapons, making it crucial that they be held accountable. If these items are lost, misplaced or stolen due to a negligent or stressed-out worker, it could be disastrous for your facility. Consider the case of an Australian prison that saw a prisoner steal a set of unattended keys from a staff area as he was being released. The keys were not discovered missing until the next day and required 28 locks to be changed.

One way to help reduce employee risk in your prison is by investing in a secure method for managing your keys. An electronic key control system can create an automatic record of keys checked out by employees, in addition to alerting an administrator by text message or email when keys are not returned. This promotes accountability among your employees while also keeping you informed of the status of your prison’s keys.

As prisons require a higher level of security than most organizations, limiting key access to approved users should be a priority. A key control system that provides total lockdown security can lock keys in place to prevent users from taking keys they shouldn’t. Limiting access to keys can also help cut down on employees handling more keys than necessary, which in turn can help prevent lost or stolen keys.

Are you confident your prison keys aren't being misused?

Tuesday, October 10, 2017

Avoid a Campus Nightmare by Taking the Right Safety Measures

Slippery Rock University in Pennsylvania
Photo from The Clio
Three weeks ago at Slippery Rock University in Pennsylvania, former student Cody Delusio used a master key to enter a sorority house, impersonating the sorority's new resident director. The students in the house immediately had suspicions of his intentions and called the campus police. As the officers were on their way, one of the sorority members added Delusio on the social media app Snapchat, which has a new feature that displays your friends' locations. Later in the evening, the police were able to track down the trespasser's location.

Fortunately, Snapchat saved the school's reputation and saved the girls from danger. But what if none of the students had thought to befriend the intruder to track his whereabouts? What if he had other sorority houses' master keys? The story could have ended very differently.

When keys end up in the wrong hands, you jeopardize not only your campus safety but also the reputation and brand image you hold. To uphold the safety and reputation of your campus, you must ensure you've taken reasonable steps to secure your campus. One way to do this is to implement an electronic key control system.

With an electronic key control system, you can:
  • Increase student and resident safety
  • Reduce liability
  • Avoid rekeying costs
  • Prevent a negative reputational image
Want to learn more about how to secure your campus? Check out this blog post.

Monday, October 2, 2017

How Electronic Key Control Helps Combat Dealerships’ Top Challenges

Car keys with money
It’s tough finding the budget to prioritize all your dealership’s challenges, from employee retention to customer satisfaction to compliance. However, even if you do invest money in one of these areas, there is a common denominator that could be worsening each of these challenges and putting your investments on the line. That denominator is key control.

Consider the role key control plays in the following three areas.

Employee Retention


For many employees — especially salespeople and service advisors — time is money. Anything that extends the sales process longer impacts their earning potential. Unfortunately, only 49 percent of business owners are taking advantage of business process automation. Dealership employees are often required to perform manual tasks such as filling out key control logs. To save time, employees tend to take a key without completing the log. If anyone else needs that key, they have to spend time searching for it.

When your employees have to cope with longer processes, they have to deal with more frustrated customers, which can increase the employee’s stress level. These factors alone are enough to cause them to look for another job. A 10-point increase in turnover will cost you around $50,000 annually.   

Electronic key control systems offer features that allow employees to do their jobs more efficiently, including CRM integration, electronic key log updates and work order tracking. These capabilities increase employees’ earning potential and reduce frustration, making them want to stick around longer.

Customer Satisfaction


When you’re constantly onboarding new associates, it’s difficult to prioritize customers. Turnover not only creates a lack of continuity for customers, it also creates a breakdown in processes. New associates are more prone to mistakes like misplacing keys or failing to update a key control log. These errors force other staff members to take longer serving customers, which makes a negative impression on the consumer — especially in the sales department. When customers are buying cars, satisfaction is at its highest within the first 90 minutes on the day of purchase. That number begins declining once time spent goes beyond the 1.5 hour mark. Every minute counts.

Incidentally, after you’ve implemented tools to make employees happier (like CRM integration, automatic key logging, work order tracking and more), they’ll be more motivated to meet customers’ needs. Your customers will also appreciate not having to wait while sales reps and service advisors track down keys.

Compliance


Retaining employees and keeping customers happy is even more complicated when you throw compliance challenges into the mix. Improper key control methods and inadequate audit trails have significant compliance implications. For example, the FTC Commission’s Safeguards Rule requires you to store records containing sensitive customer information in a place where they can be locked when unattended. File cabinets, desk drawers and offices are also required to be locked securely.

Seventy-one percent of breaches at small to midsize businesses are caused by employees or on-site security weaknesses. That’s why it’s important to know who has access to areas with confidential information. If you do experience a data breach, it will cost you an average of $141 per record. On top of that, 84 percent of buyers won’t return to your dealership.

When the audit trail is consistently updated every time a key is removed or returned, you can rest assured that keys are not being misused, which helps protect your inventory and the areas where restricted information is stored. A system with security alarms helps prevent unauthorized or undetected key usage. If an alarm is triggered, you can act quickly and reduce your chances of a costly physical security breach.

These challenges don’t have to define your dealership. Fight them head on by addressing your key control first.

Tuesday, September 5, 2017

Do You Need to Improve Your Key Management?

Keys hanging in a box
Unsecured keys are a safety hazard to you, your employees and your customers, especially if these keys grant access to high-security areas, heavy equipment or valuable products. Poorly managed keys are easily stolen and can be used to swipe vehicles from auto dealerships, access school buildings or put apartment tenants at risk.

Organizations often fall for the false security a key pegboard in a back room or a padlocked box might provide them. These practices won't be enough to stop determined thieves, however. Keeping keys out of the wrong hands boils down to improving key management.

What Is Key Management?


If your company has a lot of keys, key management is an essential tool to help you stay organized and keep track of all of your keys. Not only does a key management system help you monitor the keys themselves, but it also helps you monitor when keys are checked out, who is checking them out and when they are returned.

Why Does Key Management Matter?


Replacing a missing key might seem like a minor expense, but even one missing key can lead to costly problems. If keys are lost, misplaced or stolen, your business could be at risk of theft of more valuable assets like vehicles or electronics.

Compare the concept of managing keys to good password security. If somebody with malicious intent guesses your simple password or finds it written on a piece of paper, they could easily have access to a large amount of personal and private data. They could use that information to buy things in your name, ruin your public image or damage your credit.

Poor password security can lead to expensive consequences. Likewise, weak key management practices can damage your organization's bottom line and reputation.

How Can You Improve Your Key Management?


Though keys are the gatekeepers to your most valuable assets, you, like many businesses, might still rely on low-security methods for keeping those keys safe. Pegboards and lockboxes with manually maintained key access logs are examples of low-security key management that can go awry, especially if you don't maintain accurate logs.

The good news is that there are several options out there that can help you keep your keys and assets secure and react quickly if a key does go missing. It's important for you to select a key management system that secures keys in tamper-proof steel drawers or secure panels and also automatically logs who took keys and when.

Automatic logs eliminate mistakes that could happen with manually maintained logs, giving you an accurate audit trail that will allow you to react quickly to a missing key and respond to potential security breaches.

Keys are an important access point for vehicles, apartments, restricted-access locations and more. By keeping your keys secure, you're helping keep all the associated access points secure as well.

What key management methods do you use? Do you have accurate logs anytime a key is missing?

Wednesday, August 30, 2017

Renters Want Keyless Entry, But Is It Worth the Risks?

Keypad entry
With the growing popularity of the Internet of Things (IoT), renters are looking for homes that reflect their connected lifestyle. Sixty-five percent of baby boomers and 86 percent of millennials would pay more for an apartment with intelligent upgrades such as thermostats, lighting or locks. In fact, the majority of millennial renters (61 percent) look specifically for apartments with electronic access features, believing these capabilities increase security.

With these figures in mind, you might be considering making the jump from traditional locks to smart locks at your property. Before implementing a keyless entry system, however, it is important to weigh the risks against the benefits.

Keyless Entry Systems Are Easy to Hack


Like other IoT devices, smart locks are typically powered by Wi-Fi, Bluetooth or Z-Wave connectivity, making them vulnerable to hackers. According to Berkeley researchers, “Flaws in the design, implementation, and interaction models of existing locks can be exploited by several classes of adversaries, allowing them to learn private information about users and gain unauthorized home access.”

Security researchers at the Def Con conference also pointed out that some locks can even be hacked by someone with minimal tech skills.

If a tenant uses their smartphone to control a smart lock, their safety could be at stake if their phone ends up in the wrong hands. Nearly 30 percent of people use no screen lock on their phones, so a criminal could easily access personal data stored on the device to determine where the phone’s owner lives and then gain access to their unit with the click of a button. Not only does this vulnerability put your tenant at risk, but it increases your property’s liability.

Managing the System Can Be a Full-Time Job


While keyless entry systems might make renters' lives easier, that is not always the case for leasing offices. Smart locks come with the administrative burden of programming fobs, cards, access codes or biometric fingerprints.

The locks need to be reprogrammed not only when a tenant moves in or out, but also if the locks have been compromised in some way, such as by hacking or a tenant losing a fob. If your property uses a keypad system, access codes much be changed frequently regardless of whether or not a breach has been reported. This is because codes can easily be figured out. A common problem is "shoulder surfing,” a social engineering technique where someone obtains the code simply by watching the tenant enter it. Even if the tenant willingly provides the code to someone, it could be overheard or shared without their permission. Depending on the size of the property, managing access rights could be a full-time job.

Even if someone hasn’t seen or overheard the code, criminals can simply examine the keypad for wear and tear. The buttons the tenant presses on a regular basis will show signs of use and thieves can try a few different combinations to discover the right code. To prevent this issue, the codes must be changed regularly, making it harder for tenants to keep track of their codes.

Some locks allow you to use biometric thumbprints instead of codes, but this can create an administrative burden for your employees, since they will have to scan new tenants’ thumbprints and deactivate former tenants’ thumbprints.

You Do Not Eliminate the Need for Key Control


You may be under the impression that key control is no longer necessary when you implement a keyless entry system. Although there are some smart locks that eliminate the use of traditional keys, many still have key slots that allow you to use backup keys in case the smart lock malfunctions. Some users have reported that certain models of smart locks frequently crash, so having the option to use backup keys is critical. If you do use traditional keys as backups, you will need to secure and control access to those keys.

However, regardless of whether or not your system requires a backup key, you will still need a way to secure and track preprogrammed cards or fobs for every unit to grant contractors access to specific apartments. While some properties will program a card or key fob as needed for all the units a contractor needs to access to complete a particular work order, this method requires multiple staff members to have programming privileges. The result is a system with little access restriction,
which is in effect like giving these employees master keys.

As CNET says, “A smart lock doesn’t necessarily equal a safer lock.” Renters might be willing to pay more for keyless entry, but is it worth the added administrative burden, security risks and increased liability?