Securing Financial Institutions Beyond the Vault
Since the first coins were minted, financial institutions have known that the riches they store are a target for theft. Whether physical or cyber, mitigating threats remains a top-of-mind priority for those tasked with safeguarding monetary assets. The risks they face are persistent, as they must not only physically protect their public-facing employees and their customers, but also digitally protect their personally identifiable information (PII) and financial information.
Banks and other financial institutions are painfully aware that consumers today are more informed than ever and that they look to financial institutions that have built a reputation of trust for their brand. One breach hitting the 24-hour news cycle could result in lost revenue, loss of customers and severe damage to brand reputation.
Consequently, the FinServ sector is recognizing that, in order to mitigate growing cyber and physical security risks, it must migrate from legacy access control technology to more secure solutions such as high-frequency smart cards and mobile-enabled, multi-tech readers. This supports the convergence of physical and logical access control to secure physical spaces containing critical data, while simultaneously boosting network security, a critical requirement in the financial services industry.
Savvy security professionals realize that using legacy credentials like prox and magnetic stripe doesn’t deliver the level of security needed to mitigate today’s threats. A survey of 96 FinServ security and IT professionals conducted by ASIS International and HID Global shows that only 45 percent say their current solutions, including credentials, readers and controllers, satisfy essential requirements. The sad reality is that over 50 percent report that their readers and controllers are three to six years old or older. Legacy systems indeed present a threat, as prox cards can be easily spoofed or cloned.
As a result, the FinServ sector is recognizing that using disparate controls that operate independently in different locations isn’t a smart way to go – it leaves them open to a host of security vulnerabilities. In response, many are moving toward implementing physical access control systems (PACS) that better secure disparate facilities in diverse geographies that often use a varying range of credentials at each location.
Why Migrating to Mobile is a Must
According to the FinServ survey, security and IT professionals are concerned about cyber breaches, insider threats and physical security breaches. They’re also paying close attention to how new pandemic-driven security needs are driving demand for touchless access control solutions.
Mobile-enabled readers and credentials meet the demand, both in terms of enhancing security and providing touchless access. Many FinServ organizations have actually taken the first steps in that direction already. Some 26 percent of respondents reported that they’ll upgrade to mobile-enabled readers within the next one to three years, and eight percent already have. Another eight percent will deploy mobile-enabled readers in less than a year.
The benefits are hard to ignore. Institutions are transitioning to mobile-enabled, multi-tech readers as an initial step and are finding that mobile credentials offer the possibility of instant, over-the-air provisioning — a critical need not only during the COVID era of social distancing but beyond as well. Administrators can deploy and revoke mobile credentials with a mere touch of a button. Photo identification on mobile phones is replacing printed photo IDs, where employee images are often out of date or easily spoofed. And, very importantly, mobile credentials minimize the cyber risk inherent in legacy systems. Another security benefit is that people are so dependent on their phones that they typically secure them with an additional passcode, fingerprint or facial recognition feature, making it much more difficult to duplicate a mobile credential than a prox card.
Benefit of a More Unified PACS Deployment
Financial institutions are seeing the benefits of eliminating disparate and fragmented security systems across their enterprises and finding that better alignment of their solutions is paving the way for improved management and tighter security.
In tandem with deploying a more unified physical access control system, security and IT management teams can start to merge access control with identity management solutions. That’s because access is only part of the equation. The same credentials used to open doors and grant entrance to the parking garage can also be leveraged to manage a user’s identity to provide logical access – to release sensitive documents from a public printer for example, or to log into the financial institution’s network. This gives decision makers a complete 360-degree view of each person on their staff and allows them to understand their physical and logical access, as well as what assets have been assigned and entrusted to them. This convergence further mitigates risk because it creates layers of security from physical perimeters to connected network devices and paints a clear picture of who is accessing what locations and when.
Maximizing Relationships – Where IT and Security Converge
There is a very intertwined and interdependent relationship between IT and physical security professionals. In today’s world of growing threats to financial institutions, this cooperative relationship is absolutely essential. It maximizes the return on the PACS investment while also enhancing cybersecurity and protecting customers’ PII. It’s encouraging to see more institutions are embracing these partnerships. Among the FinServ security professionals surveyed, 75 percent say they collaborate with IT to establish best practices. But there’s more work to be done, as only 53 percent report that their security and IT teams seek new technology solutions together and 19 percent report little to no overlap at all. Hopefully, that will change as more financial institutions further encourage a closer partnership with their IT and security teams and realize the value that a close relationship can deliver.
Taking Steps to Convergence
Take Inventory of Existing Systems – Gain a solid understanding of which components are in place, how long they’ve been in use and if the latest version of firmware is installed. PACS managers should examine their existing systems, keep an eye out for technologies that aren’t ultra-secure and look to their security integration partners for ways to consolidate disparate systems onto a unified management platform. This can serve as the foundation for an eventual overall upgrade plan that best suits the needs of the particular financial institution.
Implement Multi-Tech Readers and Credentials – Replacing legacy credentials with multi-tech smartcard technology enables a wide range of applications on a single card. PACS managers should also give thought to deploying mobile-enabled multi-tech readers across their institution to accommodate the variety of credentials in use, as well as any mobile credential deployments.
Embrace Mobile for the Long Term – Smartphones and wearables will be around for the foreseeable future and provide an efficient form factor for FinServ. Mobile access control provides a higher level of security and reduces the administrative burden of replacing lost credentials as users are a lot less likely to lose their phone than their access card. And there’s more good news – mobile credentials are easily managed, granted and revoked as needed, and enhance access control security as well as identity management.
Centralize Management – Centralized identity management solutions are especially meaningful to financial institutions. They can help manage identity across multiple business systems, simultaneously easing the administrative burden on already over-stretched security personnel. Centralized management also supports the convergence of IT and physical security. This integrated approach allows financial institutions to adequately secure all their users’ identities in each of their environments, and links physical access and network access intimately together under centralized control.
Financial service institutions everywhere are benefitting from modernizing their access control systems to stand up to the myriad growing cyber and physical security challenges that they, as an industry, face. The emerging access control technologies available to them are answering the call for a higher level of security to safeguard people, assets and information.
Peter Walsh has over 28 years of experience in the security industry as a high-performing business leader. He currently serves as the Global Business Director, Finance and is responsible for strategy and partnership development in the FinServ sector. Peter is based in Manchester, England and has been with Austin, Texas-headquartered HID Global for four years.