4.11.24 – SSI – Jerry Swenson
It is easy to assume your card access system is always going to work, but we know what happens when we assume something.
I’ve been in the card access industry for more than 13 years. One of the key points I drive home when I’m training our customers on their new system is this: “Don’t lose your building keys.”
Yes, it is easy to get comfortable using a badge and card reader to get inside your building, but contingency planning is essential.
Card Access Contingency Planning is a Necessity
Whether the risk is normal wear and tear on a lock or a card reader, a nefarious hacker, a sporadic power outage or some catastrophic failure — for example, the card access system’s server dying — having a contingency plan that is easy to execute helps overcome these threats.
In the event of any of these problems, having spare keys in an accessible place — that is, not inside the locked building — is preferable.
I’ve been on several service calls where one of these catastrophes caused a tremendous amount of downtime for the company simply because they could not get inside their own building, thus affecting all employees.
If you have 30 employees standing around for an hour, just waiting to get inside, how much money has been wasted?
Hackers are Waiting for Your Mistake
As technology progresses, and as the sharing of information becomes easier, the landscape of “normal” changes quickly. If you are not taking precautions to ensure that your card access system is up to date with modern equipment and modern technologies, you’re taking the risk of a hacking attack.
The hacking community is growing, with widespread hacking equipment easily found on social media platforms such as YouTube, TikTok and Facebook.
Flipper Zero recently popped up on my Facebook feed. Not only is it easy to use but it’s also inexpensive to acquire. The Facebook ad is super appealing for the low-level hacker. If the card access system of your building uses one of the older card reader technologies that this device can exploit, then the hackers have, in essence, the keys to your building.
Another device that hackers use with growing popularity is the ESP key. If you don’t have tampers on your card readers that let you know if your card reader has been compromised, hackers can install an ESP key with great ease and quickness — and you will be none the wiser.
This device utilizes a “man in the middle” attack. It is placed behind the card reader and uses vampire teeth to read the data traveling over the card reader wires. It also creates its own Wi-Fi network so that the bad actor can use their phone to connect to the ESP key and then unlock your doors.
Those are just two of many hacking tools that have gained popularity in that community, with many more on the horizon.
Stay Vigilant and Have a Card Access Backup Plan
What’s the key takeaway? Stay vigilant, update your equipment and have a backup plan. If you find out that your building’s card access system has been compromised, you might have to take your system offline until the vulnerabilities can be addressed.
That means you must have a contingency plan ready to execute to minimize the business risk and detrimental impact on productivity.
And don’t lose your keys!
Jerry Swenson, voice data video technician for BW Systems, is a member of the PSA Cybersecurity Committee.
Whether the risk is wear and tear, hackers, power outages or catastrophic failures, a card access contingency plan helps overcome threats.