Spencer Marshall, Director of Sales, HID Global explores how access control can help financial institutions to boost their security.
Whether physical or cyber, mitigating threats remains a top priority for financial institutions. The risks they face are persistent: they must not only physically protect their public-facing employees and their customers, but also digitally protect their personally identifiable information (PII) and financial information.
Banks and other financial institutions are painfully aware that consumers today are more informed than ever and that they look to financial institutions that have built a reputation of trust for their brand. One breach hitting the 24-hour news cycle could result in lost revenue, loss of customers and severe damage to brand reputation.
Mitigating risk
Consequently, the FinServ sector is recognising that it must migrate from legacy access control technology to more secure solutions such as high-frequency smart cards and mobile-enabled, multi-tech readers. This supports the convergence of physical and logical access control to secure physical spaces containing critical data, while simultaneously boosting network security, a critical requirement in the financial services industry.
Using legacy credentials like prox and magnetic stripe do not deliver the level of security needed to mitigate today’s threats. As a result, the FinServ sector is recognising that using disparate controls that operate independently in different locations isn’t a smart way to go – it leaves them open to a host of security vulnerabilities. In response, many are moving toward implementing physical access control systems (PACS) that better secure disparate facilities in diverse geographies by standardising the credentials at each location.
Why migrating to mobile is a must
New pandemic-driven security needs are driving demand for touchless access control solutions.
Mobile-enabled readers and credentials meet the demand, both in terms of enhancing security and providing touchless access. Many FinServ organisations have actually taken the first steps in that direction already.
The benefits are hard to ignore. Institutions are transitioning to mobile-enabled, multi-tech readers as an initial step and are finding that mobile credentials offer the possibility of instant, over-the-air provisioning – a critical need not only during the COVID-era of social distancing but beyond as well. Administrators can deploy and revoke mobile credentials with a mere touch of a button. Photo identification on mobile phones is replacing printed photo IDs, where employee images are often out of date or easily spoofed. And, very importantly, mobile credentials minimise the cyber risk inherent in legacy systems.
Another by-product for enhanced security is the fact that so many people are so dependent on their phones that they typically secure them with additional passcode, fingerprint or facial recognition features, making it much more difficult to duplicate a mobile credential than a prox card.
Benefit of a more unified PACS deployment
Financial institutions are seeing the benefits of eliminating disparate and fragmented security systems across their enterprises and finding that better alignment of their solutions is paving the way for improved management and tighter security.
In tandem with deploying a more unified physical access control system, security and IT management teams can start to merge access control with identity management solutions. That’s because access is only part of the equation. The same credentials used to open doors and grant entrance to secured car parking facilities can also be leveraged to manage a user’s identity to provide logical access, such as to release sensitive documents from a public printer, or to log into the financial institution’s network.
This gives decision makers a complete 360-degree view of each person on their staff and allows them to understand their physical and logical access, as well as what assets have been assigned and entrusted to them. This convergence further mitigates risk because it creates layers of security from physical perimeters to connected network devices and paints a clear picture of who is accessing what locations and when.
Maximising relationships – Where IT and security converge
There is a very intertwined and interdependent relationship between IT and physical security professionals. In today’s world of growing threats to financial institutions, this cooperative relationship is absolutely essential. It maximises the return on the PACS investment while also enhancing cybersecurity and protecting customers’ PII.
Taking steps to convergence
Take inventory of existing systems – Gain a solid understanding of which components are in place, how long they’ve been in use and if the latest version of firmware is installed. PACS managers should examine their existing systems, keep an eye out for technologies that aren’t ultra-secure and look to their security integration partners for ways to consolidate disparate systems onto a unified management platform. This can serve as the foundation for an eventual overall upgrade plan that best suits the needs of the particular financial institution.
Implement multi-tech readers and credentials – Replacing legacy credentials with multi-tech smartcard technology enables a wide range of applications on a single card. PACS managers should also give thought to deploying mobile-enabled multi-tech readers across their institution to accommodate the variety of credentials in use, as well as any mobile credential deployments.
Embrace mobile for the long term – Smartphones and wearables will be around for the foreseeable future and provide an efficient form factor for FinServ. Mobile access control provides a higher level of security and reduces the administrative burden of replacing lost credentials as users are a lot less likely to lose their phone than their access card. And there’s more good news – mobile credentials are easily managed, granted and revoked as needed and enhance access control security as well as identity management.
Centralise management – Centralised identity management solutions are especially meaningful to financial institutions. They can help manage identity across multiple business systems, simultaneously easing the administrative burden on already over-stretched security personnel. Centralised management also supports the convergence of IT and physical security. This integrated approach allows financial institutions to adequately secure all their user’s identities in each of their environments and links physical access and network access intimately together under centralised control.
Financial service institutions everywhere are benefiting from modernising their access control systems to stand up to the myriad growing cyber and physical security challenges that they, as an industry, face. The emerging access control technologies available to them are answering the call for a higher level of security to safeguard people, assets and information.
To find out more information, visit: https://www.hidglobal.com/
This article was originally published in the July edition of Security Journal UK. To get your FREE digital copy, click here.