By Bill Hogan
From the August 2018 Issue
Every day you make sure your facilities are clean and maintained, but what about your network? Cyber hygiene… it’s not a term heard often, but think of it as the process that facility management and other stakeholders in a building security system can employ to protect the business, its people, and its assets. The network is the lifeblood of your organization. Is your IT infrastructure as clean as your building? Because poor cyber security is all too evident in the marketplace, facility executives need to take a few precautions into account, ranging from traditional forms of security to precautionary measures that might seem less obvious.
The reality is that organizations both large and small have been hacked, whether it’s been done to shut down systems, steal information, or simply to disrupt business. Cyber threats aren’t tangible, so it is no wonder there has been an increase in cyberattacks given the rise of the Internet of Things (IoT). By using a combination of best practices, facility executives can ensure that important information will remain secure.
For example, it’s one thing for a security integrator to put a client’s system through its paces: subjecting it to risk analyses and audits, performing penetration tests, and securing data through the installation of secure devices on servers and appliances that are used as part of the physical security system. But has this integrator performed these same tasks internally? If an integrator has done the due diligence on his or her own business, it says a lot about what they are able to do for their clients.
An integrator who is equipped to handle the installation of a system amidst ongoing threats is one who recognizes that threats are indeed present, both to their clients and to themselves. In turn, they will have internal policies, procedures and systems related to cyber security in place. Due diligence in protecting themselves is the first sign that they are qualified to protect the end-user, especially as new threats continue to rise.
Perimeter Security For The Digital Realm
Today, businesses have two perimeters to protect: the physical perimeter of their building and their digital perimeter. But how do you protect the digital perimeter? Threats from outside sources (sometimes located in foreign countries), as well as threats from within your network, mean that adding a password to each device located on a network, although an important step, is no longer enough.
One way to combat external and internal threats is through investing in smart switches. Any business with a network switch, NVR, surveillance camera, or access control system connected to their network is vulnerable to an outside or inside attack vector.
An intelligent, managed switch, which can send a notification if the network is being tampered with, can provide valuable protection.
A smart switch can also lessen exposure to internal and external attacks by enabling the network to be segmented, which provides potential attackers with less surface area to attack.
Meanwhile, an unmanaged switch switches data packets. Typically, this is a group of ports that broadcast all traffic across all ports and does not differentiate between packet or port type. A smart switch, on the other hand, differentiates between ports. When programmed correctly by a trained IT certified security integrator, it only allows certain types of traffic to talk to each other or a certain grouping of ports to talk to each other. Organizations can ensure a more secure network by investing in technology that manages the communication between ports, logical segments, and other switches—a decision usually made by the IT department in conjunction with the security integrator.
Companies can also improve their network security by segmenting their networks, versus deploying a system on a flat network. With a segmented network, companies can lock down their HVAC system, for example, so that it is located on its own VLAN (Virtual Local Area Network) and then locate the security system on another VLAN. This provides the capability to then institute access control rulesets between the two segments to ensure that an attack vector cannot propagate itself across the entire network.
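As an added illustration (not part of the original article), the Python sketch below models access control rulesets between segments as a first-match rule list with default deny, then audits a ruleset for permits that open one whole segment to another on every port. The VLAN subnets, host addresses, port and rule format are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments for illustration; real VLAN IDs and subnets will differ.
SEGMENTS = {
    "office": ipaddress.ip_network("10.0.10.0/24"),
    "hvac": ipaddress.ip_network("10.0.20.0/24"),
    "security": ipaddress.ip_network("10.0.30.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port

def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def broad_permits(rules):
    """Find permit rules that open a whole segment to another on every port."""
    findings = []
    for r in rules:
        if r.action != "permit" or r.port is not None:
            continue
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        for a, net_a in SEGMENTS.items():
            for b, net_b in SEGMENTS.items():
                if a != b and net_a.subnet_of(src) and net_b.subnet_of(dst):
                    findings.append((a, b))
    return findings

# Segmented: one office workstation may reach the recorder's web UI, nothing else.
SEGMENTED = [
    Rule("permit", "10.0.10.50/32", "10.0.30.10/32", 443),
    Rule("deny", "10.0.20.0/24", "10.0.30.0/24", None),
]
# Flat: everything may talk to everything, as on an unsegmented network.
FLAT = [Rule("permit", "10.0.0.0/8", "10.0.0.0/8", None)]

if __name__ == "__main__":
    print(evaluate(SEGMENTED, "10.0.20.7", "10.0.30.10", 443), broad_permits(FLAT))
```

With the segmented ruleset, a device on the HVAC segment is denied when it tries to reach the security segment, while the flat ruleset is flagged for every segment pair.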
On the simpler side of things, the easiest and most obvious security measure against cyberattacks is to install a firewall on the network and to keep firmware up to date. An important part of the firewall is only allowing the necessary ports and devices to communicate through it. Keeping a tight control over what is allowed through the firewall is important to device security. A firewall can allow for necessary communication just like a smart switch can, but smart switches overall are capable of more.
Another approach to consider is placing security devices on their own isolated network. Here, a breach is less likely because the use of IP and MAC address filters can provide basic defense when a separate physical network is not a possibility. Managing only permissible traffic types can greatly protect against rogue devices that could penetrate the edge of your network.
Lastly, while automatic updates will connect devices to the internet, it’s better to have them turned on than to forget to update firmware completely. Leaving something unpatched and not updated is something hackers look for, and is an easy loophole in security. One approach to handle updates is to establish a scheduled maintenance window where you will manually install any updates to control exactly what gets installed and when. This helps to ensure that nothing from the internet can sneak its way past.
With cyber security in the spotlight these days, remember that protecting a facility and its business goes beyond protecting the building, the people, and physical assets. Protecting data and the network is as critical a component of security, and it’s important to consult with qualified security integrators for network-centric deployments, as well as to stay up-to-date on best practices that can be conducted daily. The best defense against outside threats is to first recognize that any device can become vulnerable at any time, and to take the necessary precautions.
As a facility management professional, you make sure your buildings and sites are maintained on a regular basis in order to provide a clean and healthy environment for occupants. Now, it is critical to make sure you are planning and executing Cyber Hygiene to keep your network protected.
Hogan is the President of D/A Central, Inc., a commercial security systems integrator based in Oak Park, MI. The company has a dedicated IT managed services group that is leading its cyber security effort. Hogan is also a member of Security-Net, a network of integrators who work together sharing best practices and providing national account level services to customers.