Replacing keys, deleting expired codes and arming the intrusion detection system. Moving employees and vendors smoothly in and out of a financial services location outside of regular business hours can pose risky and potentially costly security challenges. Consider some of the following incidents:
- A major financial services business had key locks on its local office doors. Each time an employee or vendor lost a key, a locksmith had to rekey the locks and provide new keys to all employees requiring access. This cost the business about $3 million per year.
- Members of a janitorial crew didn’t speak English well and didn’t understand instructions for disarming and re-arming a local office’s intrusion alarm. The language barrier hindered the setting of alarms, which triggered numerous false alarms. The local police soon stopped responding to any alarms from the office, costing the business false alarm fees.
- An office manager responsible for maintaining alarm access codes was consistently adding new employees and vendors, but did not always delete obsolete codes. This resulted in more than 300 inactive, yet still valid, codes built up within the office’s alarm panel. A former employee passed along his facility and vault access codes to a burglar that used them to steal $400,000 from the local office.
Problems like these are common within the industry. Fortunately, today’s intrusion detection systems can offer simple, cost-effective solutions for these types of situations.
CODE MANAGEMENT SOLUTIONS: below you will find some of the ways businesses are managing codes, alarms and entry-management systems to work best for their individual needs:
Entry Management: When employees, couriers, ATM servicers and cleaning crews all carry keys, there are many opportunities for keys to be lost or stolen, requiring expensive replacement. Wireless locks work with inexpensive access cards to open main entry doors. If a card is lost, it can be deleted from the alarm system with one touch on a keyboard. A new card can be created quickly on site. Other cards in the system are not affected. Unlike keys, cards can be individually programmed to allow access only to certain areas and at defined times. The battery-powered locks are easily installed with no wired connection to the central processor required. This type of system also compiles an audit trail of all entries and can create customized reports for the activities of any individual or of a specific entry point.
Alarm Arming Management: Vendors failing to properly arm and disarm an intrusion alarm may create a major security issue. Many municipalities have police non-response policies and/or levy expensive fines after only a few false alarms. Strengthening the arming and disarming process can help mitigate false alarm issues. That’s exactly what a modern intrusion alarm panel can do. Each credentialed user’s profile can be customized to automatically re-arm the system after a programmed amount of time. For example, the cleaning crew can be given an hour to complete its job; a courier may only get 10 minutes. Once a valid vendor has entered the office, the alarm is disarmed yet the doors remain locked to anyone without a valid access card.
Code Management: Local site managers may typically be too busy – or simply forget – to delete codes when employees leave the company. In any given location, there may be 50 listed codes, but only 7-10 active users requiring access to the premises, vault and ATM room. This can create additional risk. One way to avoid the risk is to take advantage of a managed service from Tyco Integrated Security. When a local site requests a code change, TycoIS central monitoring station personnel remotely upload and download from an office’s intrusion panel to delete unnecessary codes—or create them for new hires. Working with our experienced and trained professionals can help mitigate a potentially serious problem of leaving your site at risk. Access, alarm and code management are all important parts of managing security risk. Financial institutions, down to the local office level, need to reduce potential risks wherever and whenever possible. That requires awareness of best practices as they apply both to internal processes and available solutions. Centralized management of codes doesn’t automatically solve all of the challenges. A systematic approach to managing and improving your code risk profile is needed.
CODE MANAGEMENT BEST PRACTICES:
- Start with a code risk assessment or audit
- Prioritize top deficiencies and evaluate where technology upgrades can help mitigate the risks
- Develop a code management policy and communicate it
- Determine how to communicate any new processes to the affected employees and vendors
- Track your codes and report on changes frequently
- Expire codes that are not being utilized
- Change codes regularly
- Utilize technology to automate what can be automated
- Consider working with an integrator to perform not only the assessment, but the remediation plan