Thursday, August 28, 2014

How Automated Key Control Can Protect Your Data Center

Modern data centerWith the string of data breaches among popular retailers during the past year, businesses are aware more than ever of the importance of cyber security.

However, one issue that hasn’t received much time in the spotlight lately is that if you take measures to protect your data against an online breach but fail to make sure your physical data center isn’t secure, you’re still susceptible to a data breach. After all, even data stored in the cloud resides in a physical data center.

Whether you store your data in a self-managed on-site facility or outsource it to a data vaulting vendor, you need to take adequate steps to protect the hardware containing your data against physical intrusions.

Restrict Access to Data Center


The Corporate Compliance Insight blog relates an account of a software company that went out of business after its backup tapes and a server containing all its database data were stolen. Over the weekend, thieves had jimmied the lock to the double front doors through a gap in the entryway. They simply entered the data center, which had been left propped open to provide better temperature control.

This company’s experience demonstrates that in the same way you encrypt data to deter cyber attacks, you need to ensure that the physical area in which your racks are stored is protected by secure door locks and make sure doors remain locked at all times.

Implement Rack-Level Access Controls


Data center security breaches don’t always happen after hours. One of the easiest ways to gain unauthorized access to a data center is by tailgating, where a visitor follows an employee into the facility.

For an additional layer of security, consider implementing access controls at the rack level. If you store your data at a colocation center that manages data for multiple clients, be sure you’re aware of how they secure the rack space containing your servers.

Take Precautions Against Insider Theft


In 2013, insider data breaches rose 80 percent as compared to 2012. To protect your data against physical security breaches, secure keys in a high-security electronic key control system that can restrict key access at both the user level and key level.

For example, some key control systems control user access through features such as fingerprint readers for biometric authentication, dual login requirements, motion-activated security cameras and manager-defined user permissions profiles.

At the key level, many electronic key control systems will sound an alarm or send a text or email alert if an employee attempts to remove a key they’re not authorized to have. Other systems, such as the KeyTrak Guardian, can even physically lock down keys so only authorized employees can remove them.

Use Automated Key Control Reporting


When performing routine physical security audits, key control logs are essential to determining how keys are being used and identifying potential security issues. Using an electronic key control system can automatically produce a 100 percent verifiable audit trail. This eliminates the element of human error that’s inherent in manual key control logs.

Automated reporting is also useful in that you can choose to receive an email or text alert in the event of a security breach, at which point you can run the necessary reports to investigate the issue.

For more physical security best practices, read our post "The Four Layers of Physical Security."

Wednesday, August 20, 2014

Prepare, Don't Panic

Panicked. 

It’s the best way to describe how you feel when you walk into your business and discover there has been a break-in. You’ve just lost your sense of security, valuable time and hard-earned money.

Prepared. 

It’s how you can feel if you take some steps to secure your business before it’s too late. This comes from implementing the appropriate physical security, installing an intruder alarm and having an electronic key control system.

Electronic key panelIf you use manual key control like a pegboard, you would be right to panic at the sight of a break-in. However, with an electronic key control system, you’ll know your valuable keys (and more importantly, the valuable things they unlock) are protected. You’ll be glad you prepared ahead of time.

If your intruder alarm doesn’t sound, the break-in might have come from an employee with access to enter the building. As you move forward with the investigation of the break-in, you can check your electronic key control system’s records. If it turns out the break-in occurred because an unauthorized user gained access to a key, you’ll be able to track down the last authorized user who had it and determine if they misplaced it.

The system automatically records all key activity, including when the key is removed, how long it’s out, when it’s returned and who checked it out. If a key is checked out for a suspiciously long time, you’ll know exactly who to approach about the situation.

A lot of businesses don’t realize the need for electronic key control until after a break-in occurs. But if you install an electronic key control system well ahead of time, you can be prepared and protected. Check out our website to find out more about electronic key control.

Tuesday, August 12, 2014

Museum Theft: The Inside Scoop

Eighty-eight percent of all museum thefts involve someone on the inside. This means the people you hope you can trust the most with valuable artifacts may, in fact, be the ones you have to scrutinize most closely.

The Silverton Museum in Oregon learned that lesson the hard way when two antique watches went missing without any sign of forced entry.

A contributing factor to the theft was the fact that nearly 15 volunteers had access to the keys for the first watch's display case. Moreover, the second watch's display case didn't even have a lock. When the watches went missing, there weren't any clear indications of who might have opened the showcases.

Key shining in gold lightThe museum can't ignore the need for tighter security now. The first step in tightening security would be putting locks on every exhibit. This small action would go a long way in securing valuable historical pieces and deterring any potential thieves.

Next, the museum would need to find a way to ensure responsibility among their employees and volunteers. One way to enforce accountability is by using an electronic key control system.

With an electronic key control system, you can give each user a different authorization level. Instead of providing volunteers access to every display case key, you can limit access to only the specific key that a volunteer needs.

Key control systems also create an automatic record each time someone checks out a key. If a theft does occur, an electronic paper trail will lead to the last person who had the keys. Even if they aren't responsible for the missing item, they might know how someone gained access to the keys that were in their possession.

Check out this post for more benefits of electronic key control.

Wednesday, August 6, 2014

Access Levels Could Have Prevented Theft of $460,000

Pile of quartersThomas Rica, a former employee of Ridgewood, NJ public works, was recently convicted of four counts of theft.

Rica lost his job as public works inspector for Ridgewood when it was discovered that he stole $500 in quarters from the meter collection storage room. However, a further investigation revealed that he had actually stolen $460,000 by pocketing quarters a handful at a time over a period of two years.

Now Rica will pay an initial fee of $69,000 to the village of Ridgewood as well as $2,000 per month for the next five years. He also lost his pension of $30,000 for his 10 years of employment. Along with these punitive measures, Ridgewood has taken steps to protect its assets and avoid similar situations in the future.

However, Ridgewood might have been able to prevent this crime from ever happening by simply using an electronic key control system with access levels.  Just looking at how Rica got to the coins in the first place reveals the problem: Although his job didn’t give him any reason to be in the meter collection room , Rica used a master key he was given “due to the nature of his position” to repeatedly gain unauthorized access to the room.

When using an electronic key control system with access levels, managers can determine which keys employees are authorized to use. That way, individual keys are checked out based on need, rather than just giving upper-level employees a master key. If anyone takes a key outside their authorization level, some systems have the capability to sound an alarm, send an instant text notification to the manager or lock the key down altogether.

Even if an authorized employee tries to steal assets using a key they have permission to use, the electronic key control system tracks and reports user activity, producing a verifiable audit trail that makes it easier for entities like Ridgewood to catch thieves.

To read more about how key control and access levels can track employee behavior and help prevent theft, check out our post “The Four Layers of Physical Security.”