Having all the bells and whistles of a state-of-the-art security system can be reassuring, but the most dedicated intruders are always on the lookout for gaps in your security. Find out what mental checklists criminals make when thinking of ways to defeat your system — and learn how to stay a step ahead of them each time.
When examining your security plan, try turning the tables on your current equipment and think like both an internal and external intruder. Searching for weaknesses in your system can help you develop a comprehensive plan for preventing incidents, better manage your security budget, and implement a plan for managing incidents.
So what are a few things an intruder looks for?
They look for brand names and system information
Keep your security product brand names under wraps. The more information you provide to criminals, the more easily they can access your device and, in turn, your network. If you want to truly think like an intruder, try discovering how much information you can find about your system simply by Googling it and use the information you find to ensure you are asking your integrator the right questions so they can best address your needs. Cyber criminals have been making headlines lately due to their use of "sniffers", in which they make thousands of password attempts on your network until one finally works, so changing factory set passwords on equipment is one simple and well known step to blocking access to your physical security network and data. Keeping information limited about the different components of your system can be advantageous for obvious reasons, and handing over information about products, setup, and various components is akin to handing over a blueprint of your facility.
They are trying to defeat your access control system
Ask yourself a few questions: can I make a copy of an employee's access card without their knowledge? Will a copied card get me into the building? Imagine yourself as a former employee that wants to access the building to steal something in retribution for being laid off. How would they accomplish that? Could someone walk right into the building with a group of employees at the lunch or end-of-day rush? Are there places to hide? Do your employees wear their access cards as badges, and are you using a non-secured format? Did you know that for less than $20 you can order a proximity card duplicator online? While it is true that any intruder is likely to face other hurdles once they get past the entryway, it is still a point worth protecting with PINs, passcodes, or biometric measures, if feasible. It is easier to copy a card than a key so if your organization utilizes cards, start examining your incident management policies by asking additional questions. How do guard personnel respond when an unfamiliar person makes multiple visits? What is the response when an access control reader registers 10 denied access notifications? It's best to be vigilant and prevent an incident simply by looking for signs that it is about to occur. In public areas such as a subway station where turnstiles are commonly used as access control, installing floor-to-ceiling fence-like turnstiles as opposed to the drop arm style will be far more effective at stopping an intruder from simply hopping over the barrier. Just like office buildings, the human element has proved to be an invaluable addition in public areas with guard personnel spotting and preventing an intruder from bypassing the system and potentially causing harm to crowds in mass transit stations.
They try to blind your motion detection sensors
Inexpensive motion detectors are easy to defeat, simply by blocking their vision with glass, plastic, silicone sprays, or any other material that they can't see through. While motion detectors relying on infrared are a beneficial and a highly recommended element of security, a layered approach with detection is best. Facilities such as scrap metal and recycling centers, construction sites, or auto dealerships should be investing in a combination of infrared sensors, night vision, physical and virtual guards as methods for detecting intrusion. You should follow up with your integrator to be certain that any potential defects or bypasses found in products are addressed and that you are operating with the most current upgrades to your system. And if the alarm is tripped, ask yourself what procedures you have in place to respond. Intruders, particularly those working internally, will often test a facility's response by triggering false alarms multiple times, so evaluate the data available to you from the daily security events your system observes.
They watch your social media presence
Think that your personal social media accounts are the only ones you should be cautious with? Think again. Most businesses are expected to have some degree of social media presence today and over sharing can jeopardize the security of your data. The easiest way to combat this potential security breach is by educating employees, keeping confidential information on lock, and monitoring professional social media accounts as well as personnel activity online. If you think you're savvy enough to know better than posting confidential company information for the world wide web to see, remember that the CFO of Twitter accidentally tweeted something confidential to the public that was intended to be sent via private direct message. When the CFO of a social media platform unintentionally misuses said platform, it may be time for you to check on your organization's social media controls.
Your security products, with all of their features and technology, should be the most valuable and productive aspect of your security plan but the responsibility for staying ahead of intruders lies within the system operators and their ability to analyze the data produced by their system. Making sure your system is routinely monitored, maintained, and upgraded according to your organization's needs and your industry's compliance and security standards will help you get the most out of your investment and aid in keeping you a step ahead of criminal activity.