How can we avoid weak links in our data security?

March 7, 2022

Securing data against unauthorised access is more important than ever in 2022, reports Gallagher.

Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information. It’s the application of technologies, processes and controls to protect systems, networks, programmes, devices and data from cyber-attacks. With smartphones, computers and the internet such a fundamental part of modern life, cybersecurity has never been more important.

“Data security is the process of protecting sensitive information from unauthorised access and includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital,” explains Gordon Swallow, Strategic Business Development Manager at Gallagher Europe.

“Data security has always been important, but with more people working from home due to the COVID-19 pandemic, the internal network boundary increases – and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

“Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data,” adds Swallow.

Why is data security important?

There have been several well-documented examples of cyber-breaches over the years. In January this year, several Ukrainian government computer networks were hit with a cyber-attack that temporarily took down around 70 government websites; it has been widely reported that this was the largest such attack on Ukraine in four years. Later that month, the UK National Cyber Security Centre (NCSC) urged UK organisations to bolster their cybersecurity resilience in response to the malicious cyber incidents in and around Ukraine.

The 2017 WannaCry ransomware cyber-attack is another example; this hit more than 200,000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency. The BBC reported that some of the biggest disruption was caused by attacks on the UK health system, which saw hospitals and clinics forced to turn away patients after losing access to computers.

“These are prime examples of why data security matters,” continues Swallow. “A cyber-breach can have serious ramifications for organisations – both financially and reputationally. As technology advances, so too does our interconnectivity between devices, networks and systems. Each new thing connected to your platform or network is a potential vulnerability.

“While it’s clear that the IoT now poses a significant threat with more and more things being plugged in and connected to the internal network, there are numerous external threats to consider as well. This includes access control systems, building management systems (such as for lighting and heating control, air conditioning, room booking services) as well as those applications developed for parking, surveillance and perimeter – the list goes on.”

High security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the high security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber-risk

A cyber-breach of your security system could have far-reaching consequences. Gallagher’s solutions are designed to mitigate the risk of cyber-attack and protect your data. There are six critical success factors for high security solutions:

1 – Encryption and authentication are key. “Reduce potential cybersecurity risks through Gallagher’s end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks and encryption and authentication are built into all aspects of the Gallagher system,” illustrates Jason Hunter, Business Development Manager at Gallagher Europe.

2 – Government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

The Gallagher UK CPNI CAPSS High Security System is CAPSS Approved.

3 – Security systems should be simple to operate while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

4 – It’s important that your controllers and readers are secure. “Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks,” adds Hunter.

5 – Auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

6 – Ensure that your system is configured to mitigate security threats. “Hardening is the review of every system component looking for possible weaknesses that could enable an attacker,” says Hunter.

Gallagher provides hardening guides for their Command Centre, Controller 6000 and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies and the impacts of legacy hardware.

Why Gallagher?

“At Gallagher, our solutions are designed from inception to be as cybersecure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provides ongoing protection in an ever-evolving cyber-threat landscape,” explains Hunter.

Gallagher is also authorised as a CVE Numbering Authority (CNA). In becoming a CNA, Gallagher demonstrates a level of maturity in cybersecurity and a commitment to communicating vulnerability information to customers.

“Our customers can also identify potential vulnerabilities within their system using Gallagher’s Security Health Check, allowing them to proactively manage and respond to new and evolving security risks. Customers can also ensure a layered security approach to networks, data and systems using Gallagher’s multi-factor authentication,” remarks Swallow.

“We provide our channel partners with expert configuration advice to deploy the system in a secure environment, a Gallagher hardening guide to further strengthen each component and encourage our customers to implement regular software and hardware updates across all devices to stay current with cyber-threats and effectively manage obsolescence,” adds Hunter.

Looking forward

Organisations across all industries are seeing the very real risks of data security breaches, with loss of income, disruption to operational continuity, data exposure and reputational damage all too important to ignore.

Moving into 2022, it’s important for organisations to consider the risks that IoT, remote working and third-party devices present. As the risks to organisations continue to advance, robust security solutions that meet government standards are likely to become more commonplace in the commercial world as organisations look for solutions capable of providing protection against ever-evolving threats.

To find out more information, visit: https://security.gallagher.com/

This article was originally published in the March edition of Security Journal UK.
