Health Security Check - Tip #9
"The highest form of IT security for access control and attendance recording is teamwork – between the customer and the system supplier."
Thomas Herling, Global Business Owner (GBO) Electronic Access and Data (EAD)
In a dynamic IT environment, security doesn’t last forever. A system may be up to date now. But no one can guarantee that this will still be the case after a certain period of time. Whether electronic access control, attendance recording and production data acquisition or the entire operating system – the highest IT security can only be achieved if you continuously question, control and monitor it. This is best achieved if all those involved work together on the basis of partnership and trust to achieve this objective.
My colleague Daniel Fischer, Team Leader New Business/Digital Solutions Switzerland, has supported many of our customers during all phases of the product life cycle – from planning and implementing their access and attendance recording solutions to maintenance and modernisation. In this Security Tip, based on his experience, he describes how important continuous exchange is in order to secure systems in a sustainable manner.
IT security is a race that we can only win together
The goal of “IT security” can be compared to a race. To win, you have to find and fix existing or potential vulnerabilities before everyone else. Not once, but constantly. It is a sprint lasting 24 hours a day, 365 days a year.
Those who compete as a strong team have a better chance from the start. It is good if system suppliers rely not only on their own IT specialists and independent external partners but also on the valuable input of their customers.
Testing systems on-site with customers
One example of this is pen tests, which we already discussed in more detail in Security Tip #7. These tests are used to detect potential weaknesses of a system at an early stage. However, the security of access control or attendance recording is also strongly influenced by the respective system environment, which differs for each customer. That is why we at dormakaba feel it is important to also put the systems through their paces in the specific environment of our customers. On such a sensitive issue, of course, this only works if we cooperate on the basis of partnership.
There are many examples of improvements based on feedback or suggestions from our customers. This usually comes about through trusting dialogue. Regular contact is also the basis for us to act quickly and in a targeted manner in the event of new security risks.
Fixing vulnerabilities faster in dialogue with customers
Only those who know the current situation of the customer will know exactly who is affected – and who is not. An example of this is LEGIC prime. This older electronic access control system using RFID transponder cards can be hacked easily. A secure successor has been available for a long time, but many companies have not changed their ID cards due to ignorance. In the case of our customers with a maintenance contract, we immediately knew which of them was using LEGIC prime. Since then, we’ve helped numerous customers migrate their LEGIC prime technology to the modern security of LEGIC advant.
Keep technology and employees up to date
If you don’t want to be overtaken in the race for IT security, you always have to use the latest security mechanisms that are emerging in the marketplace. This can only be achieved by keeping your software up to date. A contract is an important building block to be able to fix vulnerabilities at any time – without having to think about a budget. But even the best technology is vulnerable if users are careless and don’t implement recommendations consistently. That’s why we at dormakaba feel it is so important to continue raising customer awareness of this topic – in individual meetings, during audits or with Security Tips such as this one.