Securing Financial Institutions: Four Ways Modernizing Physical Access Control Promotes Strong Network Security
The financial services (FinServ) sector must meet a high bar when it comes to security. Facing constant risk of physical and cyber breaches, financial institutions must safeguard not only their employees and guests at physical locations, but also vast monetary resources, along with the data stores of customers’ financial and personally identifiable information (PII).
Adding to the risk, legacy and fragmented physical access control systems (PACS) persist as financial institutions largely manage multiple facilities across regional, national, or global locations. At the same time, the rise in cybersecurity threats has elevated the stakes as physical and logical access increasingly converge, requiring Security and IT team collaboration. Without collaboration it becomes easier for attackers to compromise physical access to networks and digital resources, leading to loss of institutional assets, compromised PII, and damage to an organization’s brand reputation.
To mitigate the growing cyber and physical security risks, FinServ institutions must migrate from legacy access control technology to more secure solutions, like high-frequency smart cards and mobile-enabled, multi-tech readers. Such a move supports the convergence of physical and logical access control — securing physical spaces containing critical data while boosting network security, a key requirement in the industry.
“In the financial industry, we are regulated, and we are required to protect our customers' information, and when we don't it can be very expensive and very embarrassing. There is a high reputational risk.” – A FinServ Security Professional, Los Angeles, CA (Omar Valdemar, VP-Manager, Corporate Security Systems, City National Bank)
A Snapshot of Access Control Technology in FinServ Today
The current credential technologies landscape features a mix of legacy solutions with some modern elements. In some cases, institutions may utilize heterogeneous solutions to address the varied levels of security needed to protect both high- and low-risk areas. Outer perimeters like parking garages and elevator access, often managed by a third party, may employ 125 kHz low-frequency prox or magnetic stripe, while the office suite requires a more secure iCLASS® or Seos® credential, managed by the institution. Layers of access control may be implemented on a single card depending on the party controlling access to the space, or the sensitivity and restrictions required for that line of business.
But security professionals know that employing legacy credentials like Prox and magnetic stripe fall short of their desired threat mitigation. According to a survey of 96 FinServ security and IT professionals conducted by ASIS International and HID Global, just 45 percent say their current solutions — including credentials as well as readers and controllers — satisfy essential requirements, and a slim 14 percent say their current deployments exceed requirements. More than 50 percent say their readers and controllers are three to six years old or older. More worrisome is the following: under six percent say their existing physical access control system meets or exceeds their current and planned requirements.
This article was first published in the August 2021 edition of Security Technology.
Sponsored Content by HID Global