Organizations across the globe are adjusting to a new norm as a result of the sweeping changes brought on by COVID-19.
For many organizations, this new norm means modifying hours of operation, temporarily closing their doors, sending staff home to work remotely and/or changing visitor and occupancy policies.
As businesses and institutions adapt, they should consider how their security systems can reinforce business policies and help them mitigate risks. Specifically, access control systems can be critical during a time when organizations are increasingly concerned about managing who’s on-site (and when).
This blog post offers 10 simple and cost-effective ways organizations can enhance their access control to ensure they’re safeguarding their properties during this transitional period and beyond.
1. Install door contacts on every exterior door.
Although this seems basic, it’s unfortunately less common than you’d think – especially in a door access control system. Why? Organizations opt to install request-to-exit sensors and access control card readers but often neglect to add door contacts.
Because door contacts notify your security system when a door is left open, they can be critical to ensuring the exterior of your facility is properly secured. The cost of a door contact ranges and is relatively inexpensive, so it can be a cost-effective way to enhance your property’s access control.
2. Identify and limit primary entrances to ensure controlled entry into your building(s).
Where are your entrances and why are there so many? This is typically one of the first things I ask organizations when we’re discussing access control.
For some, like schools, multiple entrances are for the convenience of staff and students. However, each entrance is a potential vulnerability, so having multiple means these organizations may be literally opening the door to potential threats.
As you identify your main entry points and limit your entrances to only those that are absolutely necessary, you’ll be able to better control and monitor the flow of people going in and out of your facility.
3. Remove entry hardware from all exterior doors not designated as an entrance.
Once you’ve limited your entrances, be sure to secure your other exterior doors. Doing so is simple: Just install exit-only door hardware on non-entrance doors. A cover plate is usually a cost-effective solution. This is an easy step for organizations looking to harden their perimeter security.
4. Remove and dispose of any visible door props near exterior doors.
Whether it’s a conveniently placed rock that props a door open for smokers or a traffic cone that keeps an apartment building’s front gate from closing, these prop objects can significantly impact the effectiveness of your access control.
Walk around the perimeter of your building(s) and remove any nearby objects that could be used as door props. Consider also installing door contacts on all exterior doors, as they will notify your security system if and when a door is propped open.
5. Modify your hours of operation within your access control system to reflect new COVID-19 policies.
As organizations close temporarily or modify their hours of operation in response to COVID-19, they should ensure their operational decisions and threat mitigation policies are reflected in their access control system.
For example, schools, restaurants, bars and other organizations that have closed should revisit their lock/unlock and alarm open/close schedules to ensure their facility is properly armed. Additionally, for businesses that have closed or asked employees to work from home, they may need to suspend individuals’ access control cards to reflect these changes.
6. Audit your access privileges.
As noted above, now is a good time to audit your access privileges to ensure the right people have access to the right areas of your facility (and at the right time). It’s a best practice to take a “Zero Trust” approach, meaning organizations shouldn’t automatically trust anyone within (or outside of) their perimeters.
While the Zero Trust security concept refers to IT and cybersecurity, it can also be applied to physical security. In this case, no one within your organization should receive more access than they need.
Take the time to audit who should have access to certain areas and remove those who shouldn’t. Do you have vendors or contractors whose cards should have expired but are still active in your system? What about retired or terminated employees?
As you’re working to ensure your business is secure, this is one easy way to do so.
7. Collect spare keys, especially master keys.
It’s equally important to limit the number of people who have spare or master keys.
Effective key management is essential to your organization’s security program and ensuring your property, assets and people are safe. It begins with identifying what keys you have, where they’re used and who has access to them.
All requests for keys should be submitted and approved in writing, providing an audit trail for your key records. These records should also be shared with your organization’s Human Resources department, as one of the biggest problems in key management is retrieving keys from employees who have left, retired or moved to a different role within the organization.
Your key control policy should also outline the process for reporting lost or stolen keys – encouraging employees to report these issues immediately – and include a process for updating a key issuance log.
Building a robust key management program starts with these simple first steps, and doing so can help organizations minimize potential risks.
8. Create custom and distinguishable alerts for sensitive areas.
Alert fatigue is all too common, as security and IT professionals received hundreds or thousands of alerts every day and can become numb to these notifications.
One simple way to prevent high-priority incidents from going unnoticed is to create a custom alert for specific doors or areas within your organization. Simply add these sensitive areas to a group within your access control system, assign a higher priority level to alarms on this group and add a distinguishable color – for example, purple – to these alerts. Notify your security teams that any purple alerts must be prioritized appropriately.
While this won’t necessarily decrease the number of alerts you receive, it will help you prioritize incidents, which ultimately helps better secure your organization.
9. Check all mechanical hardware of your doors.
Start with the perimeter of your organization and work your way inside. Ensure all doors, frames and hardware are code-compliant and structurally sound. Clean door hardware surfaces with non-corrosive solvent and note whether physical hardware or the opening (frame, threshold and hinges) are in need of repair.
10. Update your access control software.
It’s critical to update your access control software to unlock security patches and new features and functionality.
Earlier this year, the importance of doing so was underscored when Mercury Security issued a notice that some LP intelligent controllers would not properly handle leap year time calculations – a problem that would have “unknown effects on the functionality of the access control system.”
The solution? Update the firmware. In many cases, a simple update can help you address security vulnerabilities and ensure your system is functioning properly.
As your organization continues to navigate the impact of COVID-19, these tips can help you identify opportunities for hardening your perimeter security and enhancing your access control.