How Banks and Financial Institutions Can Improve and Integrate Physical Security and Cybersecurity Systems
Banking and financial institutions need powerful solutions against theft and robbery, crisis management and response, and malware and hacking attacks – resulting in a strong focus on bridging the network and infrastructure gap between cybersecurity and physical security.
Banking and financial institutions need powerful solutions against theft and robbery, crisis management and response, and malware and hacking attacks – resulting in a strong focus on bridging the network and infrastructure gap between cybersecurity and physical security. However, it is important to keep in mind that protocols, plans, equipment, and policies that are needed for a 10-branch bank can drastically differ from a 100-branch bank. When working with either end of this spectrum, it is imperative to understand each building’s own security needs and concerns.
Within this industry, it is common for smaller community banks to acquire multiple branches, possibly turning a 20-bank branch into a 50-bank branch. The challenge is figuring out how to regroup the security program and set new standards that match the new footprint. The internet of things (IoT) has brought many changes.
These devices, which reside on a bank’s network, need to be strengthened with encrypted data to make them less vulnerable to cyberattacks. If left unmanaged, unpatched servers and default passwords can become threatening and open the door to multiple forms of cyberattacks and internet takeover. This creates a volatile mixture for banks and financial institutions that pride themselves on maintaining public trust and business continuity. One rogue server could allow a hacker to gain access into a bank’s network, including all critical data and personal information.
In addition to deploying the most advanced cybersecurity systems, which have only become increasingly important over the past couple of years, banks and financial institutions have a need for physical security and surveillance, as well. In recent years there has been a shift from analog to IP video and more network video applications. This trend towards opening their networks to outside traffic has been slow to be accepted by banks.
One rogue server could allow a hacker to gain access into a bank’s network, including all critical data and personal information.
One way of safeguarding cybersecurity and physical security is an automated service assurance platform that can proactively manage these security systems to help prevent cyber breaches and loss of video surveillance. With such an intricate path of movement – the transfer of video from the camera to the recording disk – it is common for systems to experience downtime unbeknownst to these facilities and their IT departments.
When an incident within a bank or financial institution occurs that requires video evidence, the event footage is the first to be viewed. However, it is estimated that between 20 and 30 percent of total IP cameras worldwide aren’t recording because of complex security issues. When this happens, bank managers are in the position of being reactive to system downtimes. With a lack of a system-wide analysis solution – that can detect if a video stream made it from the camera to the recorded disk – the realization comes only after a security incident happens and video evidence is missing.
Other trends that are typically more relevant with the larger national banks are now becoming more popular – with different forms of policies and concerns – for community banks, as well. One such trend is access control. Many branches have operated with a simple lock and key mechanism; however, this can lead to keys ending up in the wrong hands. Also, it is costly to re-core a lock every time a keyholding employee is no longer with the organization or has switched management responsibilities to another branch.
Due to these risks, there has been an increase in the number of banks and financial institutions that have switched to electronic key cards for strictly a keyless entry environment. These type of entry cards bring an added benefit by allowing branch managers to track cardholder’s access information with a documented audit trail in the event of an incidence.
The main concern for banks and financial institutions is how to integrate these systems – access control, physical security and cybersecurity – into one secure platform. For years, facilities operated in a closed-loop environment, however, now that virtually every security application resides on a network, it is imperative that vulnerability points are found and corrected. There is a movement toward more centralized processes, and, in order to keep a close eye on all systems, many banks and financial institutions are beginning to outsource their security. Depending on the number of branches or size of a financial institution, the individual who routinely checks on security footage could also be the manager.
With advanced analytics, organizations have instant visibility of failures, potential failures and vulnerabilities for a proactive (instead of reactive) solution.
When integrators or another security company manages the platform directly, and an issue or potential matter arises, they will instantly receive a dashboard report, open a ticket, resolve the issue and close it up. It is important to have continuously streaming video from the IP cameras. This allows for banks and financial institutions to focus on other aspects of their business, while the integrators are in constant knowledge of any potential downtimes and can ensure that any recorded information from the camera makes it onto a disk and is available in the event of an investigation activity. In addition to video surveillance, these types of systems also address cyber hygiene and audit compliance needs, making it an end-to-end diagnostic software solution for physical security systems.
Disclaimer: By using the Blog section of this website (“Blog”), you agree to the terms of this Disclaimer, including but not limited to the terms of use and our privacy policy. The information provided on this Blog is for information purposes only. Such information is not intended to provide advice on your specific security needs nor to provide legal advice. If you would like to speak to a Security representative about your specific security needs, please contact us.
