Tim Purpura, Vice President Global Sales and Marketing, Morse Watchmans explores why key control is the essential to prevent external and insider threats in corporate buildings.
Security management for commercial businesses and property involves safeguarding buildings with security procedures and technology to prevent theft, vandalism and cybersecurity data breaches.
We hear and read a lot about cybersecurity for businesses, and a lot of planning and preparation goes into protecting business and financial data with firewalls while restricting data permissions.
Employees must also be trained regularly on recognizing and reporting phishing attacks designed to persuade individuals to open links or download attachments filled with viruses and malware that lead to costly data breaches.
Cybersecurity is essential to protect enterprise data, yet without physical security technology systems, data is not entirely safe.
It is equally important to protect office space server rooms along with computer hardware and hard drives.
Access control and key control physical security systems reinforce the protection of data by limiting access to server rooms, which helps prevent insider and outsider thieves from stealing hardware, and all the data that reside on information system drives.
Theft of computer hard drives does happen and can happen anywhere, and thieves are shameless, yet not always sophisticated.
In October 2024, a video from Inside Edition reported a theft of $30K in equipment from legal commentator and media entrepreneur attorney Dan Abrams’ Law & Crime studios in Manhattan.
An unmasked bandit was caught on video surveillance grabbing laptops and computer equipment.
When the bandit noticed the video surveillance cameras, he hastily grabbed a roll of scratchy brown bathroom paper towels, tore off a ragged piece, and attempted taping it over his nose and mouth with adhesive tape he found on a desk.
Although that did not work well for him, he still managed to remove the equipment from the building.
Tracking tags soon located the hardware 40 miles away at a New Jersey pawn shop.
The suspect was found on the pawn shop premises and was subsequently arrested and taken into custody.
Whether it is preventing a large-scale heist, or a small-time crook, there is no room for complacency when it comes to reinforcing physical security to protect business enterprise data.
Commercial office buildings have hundreds of keys that belong to data server rooms, financial offices and mechanical rooms.
For optimal physical security protection, it is essential for building property management and security operations to conduct risk assessments that identify vulnerabilities, including gaps in security for all the keys on the premises.
Keys protect assets such as computer hardware and all keys, which are also assets, likewise need security and protection.
When all facility and office keys are accounted for, secured and tracked through an electronic key control system, physical security for computer hardware and server rooms is strengthened.
The long-term benefit of key control is to reduce risk and to stay compliant with better protection against costly data breaches due to unsecured computer hard drives.
Locking offices, desks, server room closets and all other applicable areas where hard drives are stored, storing all the keys in a secure electronic key control cabinet, will prevent computer hardware from being swiped and wiped clean of its data, potentially costing business enterprises millions of dollars because of hacked data.
Electronic key control systems secure and track all keys assigned for usage to individuals authorized to use specific keys.
Besides security for all keys, these systems provide information and audit trails about the status of where they are, who has them in their possession, and when they are due to be returned to the key control system.
Authorized users gain access to the key control system by entering PIN codes, access cards or biometrics to obtain their assigned keys.
Locker modules are also an option to add to key control systems, which secure personal assets, laptops, mobile phones, tablets, sensitive equipment and documents, and more.
All key removals and returns are recorded by the system’s software, which provides audit trail reports on demand as needed.
When a key is overdue being returned, alerts notify key control system administrators and security personnel that a key is missing from the system.
Administrators can then remotely disable user privileges and deny a person from exiting the building until the key has been returned. Keys can be returned to any cabinet location within the network.
Modern key control and asset management solutions provide integration connectivity across multiple security systems including access control, video surveillance and intrusion detection systems for efficient and shared security data communication.
Integrated, open protocol connectivity between security systems streamlines processes and eliminates superfluous information.
For example, when employees enter their credentials into one security system, their profile information is simultaneously transferred to all other security systems.
For highly sensitive data and financial information, key control systems can be programmed with multi-factor authentication.
Multi-factor authentication on a key control system requires more than one authorized person to successfully enter their credentials to gain access to keys that protect highly sensitive information and data.
This provides concrete forensics within the key control audit trail, which is instrumental in identifying insider or outsider cyber-criminal culprits when data security breaches occur.
Do you need another reminder to use physical security measures to protect computer hardware?
According to a June 2024 article by the Associated Press, a staff member for the Minnesota Timberwolves admitted stealing a hard drive with proprietary and sensitive information from a team executive, which contained personal financial information and business-related data, which included contracts and strategic NBA information.
When the hard drive was recovered through another Timberwolves employee, it was discovered that more than 5,000 files had been accessed and downloaded onto another device. The staff member was arrested and charged with third degree felony burglary.
The bottom line? Use physical security measures to protect those hard drives.
Keys and locks have been around for centuries for many good reasons. In any office space, specific keys are used to provide access control to individual offices and desks, and that’s why this form of security should not be ignored.
While physical access control provides great coverage for larger areas, the minutia in office space needs extra security through key control.
Insiders can gain access to their work areas, but individual keys keep both insider and outsider threats at bay when all keys are accounted for and authenticated through an electronic key control system.
Key management systems add another important layer of physical security for business and financial data, which is just as important as cybersecurity.
By paying attention to the details and securing all keys through an electronic key control system, businesses can potentially save millions of dollars in damages by circumventing hard drive and laptop theft.
This higher level of physical security builds in compliance and keeps data from being hacked.
Criminals who thrive on stealing data are not going away anytime soon, and new ones emerge when others are caught.
There is no time like the present to update a business key control physical security plan and include what may not have been included before.
Every desk and every office, every unsecured laptop and desktop computer, generates risk. It’s time to protect them through physical security measures like electronic key control.
This article was originally published in the August edition of Security Journal Americas. To read your FREE digital edition, click here.