Is your business doing enough to protect its assets? While magnetic stripe cards and low-frequency fobs were once considered a huge step forward from locks and keys, this tech has quickly become outdated. In fact, there are now tools available online for less than £20 that can copy these credentials. This is an enormous security risk, and it's causing many business owners to rethink their physical access control systems.
It’s no secret that older access control systems feature simple encryption and are much easier to fool, but according to a recent HID global study, 67% of a survey of over 100 respondents still use this tech.
With an estimated 606,282 crimes committed on commercial properties each year, this is no longer a risk that major businesses can take lightly.
In this blog, we’ll explore the access control options available to you right now, guiding you through the decision-making process and the main things to consider.
- Types of Access Control System
- What Types of Access Control Credential Are There?
- Access Control Security Levels
- Questions to Ask Yourself
Types of Access Control System
There are two principal types of access control system, Standalone and Network.
The simplest system, Standalone, is one where each access point is isolated from the rest. This means users need to be added to each access point individually and manually.
This is great for a smaller location with a few users that is looking to install its first access control system without too much expense. However, for a larger location, especially one with a large workforce and higher employee turnover, this would be a nightmare to maintain as it would need the system administrator to roam the building at all times of day, adding and removing users from access points one-by-one.
Network refers to a system where all the access points are linked to a central control system. There are two sub-forms of Network Access Control System, "On-Premise" and "Cloud-Based".
In On-Premise systems, the server managing the network of controlled access points is located on-site. This means administrators can manage access points across the site from one or more PCs. Users can be added to or removed from access points all at once. This is either done by changing individual user permissions, or by assigning users to roles that have set levels of access. Typically this system is not connected to the internet, providing an extra level of security, as this means that it cannot be accessed remotely by hackers.
Cloud-Based systems are similar to On-Premise systems, in that the access points are all linked to a central server. However, instead of the server being on-site, it's remote, connected via the internet, and can be viewed through apps on tablets, PCs or mobiles from anywhere in the world, as long as the correct log in is used. As with On-Premise Access Control Systems, users on the access control lists can either be assigned permissions individually or their permissions can be based on their job role. Find out more about the benefits of cloud based access control.
What Types of Access Control Credential Are There?
Access credentials are simply a means of identification. Think of them like the key for the lock (reader). Credentials can be as simple as a PIN code for a push-button lock, or as unique as a facial recognition scan or fingerprint.
In the most simple terms, they fall into 3 types:
- Something You Have: Like a Keycard or Fob
- Something You Know: Like a PIN Code or Password
- Something You Are: Biometric Identifiers Like Fingerprints and Irises
The oldest form of credential, beyond keys and receptionists. While useful in certain circumstances, PIN codes are the most insecure form of access credential. Though they are no doubt convenient and affordable, PINs can be copied incredibly easily and spread widely without any obvious trail. Plus, they’re also susceptible to damage through brute force. Push-button pin readers are best used internally to protect areas of minimal value, or where added convenience trumps any real security concerns.
- Highly Convenient
- Huge Risk of Password Sharing
- Vulnerable to Brute Force
- No Integration Opportunities
- No Entry Tracking
Proximity credentials are the most common form of access control credential. This refers to simple encryption that exists within an identifier (CSN Number), like a keycard or fob that are commonly placed on a reader to grant access.
As the access control industry has advanced alongside modern tech, some credentials that were once considered to be ultra-secure are now much more at risk of duplication. Cheap cloning hardware can be purchased online by almost anyone, making proximity credentials a far less secure option than in the past.
RFID credentials are still the most common proximity access control credential for businesses. These credentials offer an affordable and easy-to-use option, they are more secure than Proximity credentials. Keycards usually contain an RFID chip which is scanned by a door-attached reader.
- Entry Tracking
- Easily Stolen and Duplicated
- Easily Misplaced or Lost
NFC & Mobile Access Control
HID has reported that by 2022 more than 50% of companies had upgraded, were upgrading or were planning to upgrade to mobile access credentials in the near future. They are simple to set up, require no printing and can be easily changed without even needing to have the mobile or user present. They are also their own form of secondary authentication, as even if someone were to steal a user’s phone and attempt to gain access to the premises, they would need to be able to unlock it in the first place.
- Simple to Set Up
- Easy Credential Distribution
- No Print Cost
- Two-Factor Authentication
Biometrics are probably the most secure form of access credential available, as they are incredibly hard to fake. Biometrics used as access credentials include fingerprints, irises, faces and voice patterns, and some extremely high level systems even use DNA identification. In using biometrics, many companies have removed the need for any physical credentials whatsoever, making life a considerable amount easier for users prone to losing their key cards or fobs. Not to mention, stealing a finger, eye or face is extremely difficult!
- No Print Cost
- Two-Factor Authentication
- Very Sanitary
- Integrates with Access Control Software
- Entry Tracking
Access Control Security Levels
Before deciding on one of the methods listed above, it's worth considering the risks faced by your building on a daily basis. Under British Security Industry Association guidelines, access control points must be graded according to type of business and the risk to the premises.
The grade will be applied to your access points - not the system or tech you use. It will provide a helpful indication of the level of security needed, and the recommended technology for your building. This helps business owners, installers and architects to meet their requirements effectively and on-budget.
Grade 1 (Low Risk)
This grade is typically applied to internal doors or areas where the public need to be prevented from just walking in off the street, such as University classrooms or staff rooms at a library.
Recommended system: A standalone lock (code, PIN or token), or offline system that is controlled in a public area for low-risk situations.
Grade 2 (Low to Medium Risk)
This grade is typically applied to commercial offices and small businesses and hotels. Classic keycards and fobs should be avoided for these premises due to the increased risk of cloning and duplication.
Recommended system: An online system using tokens or PINs to prevent access to the premises. Events are received in real-time on the monitoring software.
Grade 3 (Medium to High Risk)
Grade 3 is typically applied to secure areas of commercial business such as server rooms, data centres or stock rooms housing expensive products.
Recommended system: An online system using two-factor authentication or single-factor biometric to prevent access to the premises. Events are received in real-time and tracked on the monitoring software.
Grade 4 (High Risk)
Typical applications of Grade 4 include high security areas such as government buildings, data centres, or private facilities that are vulnerable to theft or crime.
Recommended system: An online system using two (or more) factor authentication and authorisation, one of which should be biometric or human image verification to prevent access to the premises. Events are received in real-time on the monitoring software.
Questions to Ask Yourself
What Are the Main Security Challenges Facing My Business?
Assess and understand the level of risk associated with your premises. For warehouses holding expensive stock or a boutique dealer in expensive jewellery, the threat of burglary is going to be far greater than most standard premises and will require more serious consideration for advanced access control technology like biometric credentials.
How Many Access Credentials Do I Need?
Encoding RFID fobs and keycards can quickly become expensive. For businesses looking to implement proximity technology for >1000 employees, we advise investing in mobile credentials. These will be just as secure, with far less risk of theft or duplication - and no physical printing cost.
Is Convenience More Important Than Security?
It’s hard to imagine a situation where convenience trumps security, but for super-low budget locations only looking to prevent public walk-ins, you may find a PIN reader or lock-and-key suffice. With crime rates rising as they are, In almost all commercial circumstances we’d recommend investing in something more substantial.
What Is My Budget?
As mentioned previously, budget will play a huge role in the type of system you can install. While highly effective, biometric security does not come cheap. Equally, those with a huge workforce often struggle to justify the cost of producing thousands of plastic RFID tokens in fob systems. Discuss your budget with your installer, they should be able to advise on the best options for your building.
Will I Need to Scale Over the Next Few Years?
Businesses looking to grow quickly should invest in a system that is cloud-based and easily scaled. Again, it can become very expensive and time-consuming for businesses running fob or biometric access control to expand their workforce. Mobile credentials are usually the best bet, as these can be set up and distributed alongside the company’s growth with little added stress.
Am I Looking for Integration With Other Security Systems?
Integration is the key to uncompromisable security. We always advise customers to invest in technology that features open APIs, as they can connect their access control technology to their intruder alarms, CCTV systems or any other building tech, as the business demands.
How Do I Intend to Install This Technology?
It’s never worth taking shortcuts with business security - always go through a trusted vendor or supplier. There are a number of “Off-the-Shelf” access control products that can be bought cheaply, but the price will always reflect the quality. Cutting corners with cheap measures or DIY installations will inevitably open your business up to serious threats. Remember, criminals know what to look out for.
Looking to upgrade to better access control? If you’re concerned about the reliability and sureness of your access points, the time to upgrade is now. Ignoring the benefits modern access control has to offer your business could cause expensive security issues in the long-run.
At Chris Lewis Group, we understand the reassurance and convenience access control can offer your building and occupants. Our installation experts are highly experienced at specifying, designing, installing and maintaining solutions tailored to your needs.
We also supply a range of upgrade packages, so you can put a modern twist on your existing legacy technology, for greater efficiency, smoother operation and more secure entrances.
Let us bring your new system to life, get in touch with our experts today:
Submit the form below and we will get back to you very shortly.
With millions of guests using hotels each year, these sites are hot-spots for theft, violence and criminal damage. In fact, figures from eight of the largest UK police forces showed 4,589 allegations.