Access control systems as a potential security risk: offices around the world are deserted during the pandemic, as they otherwise are only between Christmas and New Year. Last autumn, the Federal Office for Information Security (BSI) warned that cyber criminals could exploit the situation.
As a result of the pandemic, many offices are deserted, as they otherwise are only between Christmas and New Year. The BSI has already issued a warning. But the danger does not come only from the network. Empty company premises can also pose a risk if they are equipped with inadequately secured or outdated access systems.
RFID data is easy to skim
A scenario could look like this: In an office building, access is controlled with RFID cards, similar to many hotels. Corresponding readers are attached to the doors. In an unobserved moment, a criminal tampers with the reader at the entrance, opens it and installs a tiny chip that from then on stores the information of every card read. After a while, the burglar retrieves the chip, copies the stored information onto a blank card and can then go in and out as he likes. He might steal valuable hardware from the office building this way. In the deserted business premises, he can take his time and does not necessarily have to do it at night. Or he can gain access to server rooms in order to steal data or install malware such as ransomware or spyware.
Office access is part of the security strategy
The example shows that cybersecurity is much more than just the best possible protection of the actual company network. Physical access to offices and other rooms must also be considered, and existing access systems must be checked regularly. Latest-generation systems use, for example, IP-based technology instead of RFID chips, which are prone to security vulnerabilities. They also offer the advantage that they can be combined with different hardware and repeatedly adapted to current conditions. Access here is likewise possible via chip card or dongle, but also via smartphone. Often these systems can also be combined with two-factor authentication using a separate code or biometric data.
IP-based access control
But the new IP-based access control systems are not a panacea either. In particular, if they are misconfigured or inadequately protected, they present a broad attack surface for criminal hackers, both locally and remotely. Using smartphones as keys is also not without risk, because these devices, and the access data stored on them, need special protection. In addition, the communication between key and lock must be secured and encrypted to ensure optimal protection.
Of course, it is extremely time-consuming to completely replace an existing system, both organizationally and due to the structural conditions. It is therefore advisable to proceed gradually and, if possible, to integrate older hardware into the new system until it is replaced.
More at 8com.de
About 8com
The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS), including certification according to current standards. Awareness measures, security training and incident response management round off the offer.