How secure is your access control platform?

By Courtney Emra, Lead Customer Service/Sales Assistant at Kenton Brothers

Gallagher - Award WinningWe all know that the perfect security solution doesn’t exist. But we must always do our best to provide strong security for our people, property, and possessions. Did you know that in just 60 seconds, a simple $10 device is able to copy unattended, lost, or stolen key cards? This effectively leaves a wide open door for hackers to enter your company, systems, etc.

Gallagher has won several awards for their cyber security solutions. They perform various testing procedures and public information regarding these tests can be found on CVE. Included in those resources, they also have a free Security Health Check tool that helps you understand and identify weaknesses within your system, hardware and even users.

Let’s take a look at “The Four Horsemen of a Security Breach” from Corey Russell, a System Engineer with Gallagher.

1. Network

It doesn’t matter how much you’ve spent on your system if you leave it wide open for people to find on the internet. The system itself is solid, but if your access control is out there, there’s a good chance some usernames and passwords wouldn’t be hard to come by. Secure your networks, keep them up to date, and make sure you have email phishing training; your IT admin will thank you. If at all possible, take your access control system to a private network. Seclude it on its own island like Tom Hanks in ‘Cast Away’.

2. Hardware

Gallagher - Award WinningSo, you have your network secure? Great! Now what kind of hardware are you using? Something as simple as a plunger switch on a cabinet can be bypassed and let someone short the lock to the back door. Do your cameras still use ‘username’ and ‘password’ for the login? Did you put resistors in line with the reader you hung on the wall? Lastly, did you leave the keys in the cabinet lock because Steve keeps losing them? Get Steve a retractable key chain and make sure your hardware is as secure as your network.

3. Software

With our network secure and our hardware locked down, let’s talk software. We need to make sure we have complex passwords and, no, ‘P@ssw0rd’ is not a secure password. Make sure software is kept up to date. Look to use a platform that puts security first and offers additional tools to secure your network and hardware.

4. People

How secure is your access control system?This one is the hardest. People are predictable… until they’re not. Training staff and enforcing policies can be difficult. That’s why having a system that can help you mitigate the exposures people are sure to cause is a must.

Gallagher offers something called competencies which restrict people from even entering certain areas without valid, up to date certification on their record. Out of the box you can utilize broadcast notifications to get important messaging out to everyone with a push of a button, control how many people can be in one area, or how long any person can stay in that area. Track assets utilizing the readers already on the wall. The list goes on and on. Can your current security platform do that?

Now that you have a pretty good understanding of what’s happening in the threat landscape, do you still feel confident in your current system? We would love to do a commercial security audit of your system and help you plug any holes we find. Just give us a call!

Finally! A commercial security solution built for small to medium sized businesses.

By Neal Bellamy, IT Director at Kenton Brothers

Gallagher SMB ProductsAccess Control systems seem to be designed for 2 scenarios. Either they’re designed for hundreds of doors with a very large feature set or 1-2 doors with very few features. And finally… an access control vendor has entered the space with a product that fills the gap. Gallagher has introduced their “SMB” line.

The Gallagher SMB Line of Products

The Gallagher SMB line uses many components of their enterprise line. They’ve kept a few of their enterprise features, and added a lot more to make their products easier to use and manage with just a smartphone. Let’s dive into the features.

The SMB line has many features, just like its big brothers. The system combines access control and intrusion detection capabilities, just like their enterprise line. Although the panels are designated for the SMB line, the same architecture is used. This makes it versatile in the field. The system also uses smart fobs and Bluetooth credentials just like its big brother.

Resource: Gallagher’s SMB Solution Brochure

The SMB line adds many convenience features that are necessary for the SMB space.

First, the system is server-less and connected to the cloud. This means that you don’t have another server to maintain and can access the system from anywhere you have internet access.

The system updates itself. You will always have the latest features and security fixes. Since it is cloud-connected, you can add and remove people and credentials from your mobile phone. You can also check to see if the system is armed and arm or disarm it from your mobile device.

Imagine being at a conference across the country and being able to arm your intrusion system in the middle of the night, because an employee forgot to do so when they left the premises. If you need to send a friend to check on your business, you can add them as an authorized person and assign a Bluetooth credential for instant access.

Multiple sites can be managed from one mobile app. This allows you to have multiple stores or locations that can be managed with one app and accessed through one fob or mobile credential. Speaking of Bluetooth credentials, an unlimited number of them come packaged with the system.

Case Studies: Kāwhia Primary School, Huntly College Old Boys Rugby Football Club, Hamilton City Gymnastics,  and Chesters Plumbing.

The Gallagher SMB line also offers options to only pay for what you need.

The intrusion system, by default, is self-monitored. This means that you get alerts through your mobile app and you decide if there is a real threat and call the police if necessary. However, if you want an option to have the system professionally monitored, that’s also an option. Access control can be licensed for 1-4 doors, 5-8 doors, or 9-10 doors per site, which allows you to size the system appropriately for your needs. The system has options for accessing the internet through the network, Wi-Fi, or even 4/5G cellular connections.

Kenton Brothers has already deployed the Gallagher SMB solution with great results.

The Gallagher SMB Solution fills the gap in security offerings between a single door at a single site and hundreds of doors at multiple sites. If you would like to increase your security while having a system that’s simple to manage without breaking the bank, give us a call. We would love to talk with you to see if the Gallagher SMB Line is the right answer for your commercial security needs.

Top 5 ways to keep your school, business or organization secure and ready for emergencies.

Convenience and SecurityBy David Strickland, Vice President of Kenton Brothers

With the recent events in Uvalde, we are reminded again how critical security systems are and the role they play in protecting people, property and possessions. In Part 1 of Convenience vs. Security, we discussed some of the missteps at Robb Elementary and how those choices led to loss of life. In this blog, we will be discussing 5 things you can do today to help reduce risk in your school, business or organization.

1. Have your local law enforcement agency or trusted certified security partner conduct a thorough physical security site assessment.

This physical sight survey is part of an open and honest conversation. A thorough all-hazard threat, vulnerability, and risk assessment will take some time and involve all stakeholders or a representative from each group (Students, Staff, Administration, HR, IT, Parents, Legislatures) the more people involved the better. This assessment will review policies and procedures as well as identify the physical security components that make up your organization’s campus or grounds. It will highlight your current situation and the risks that you face. It will help you understand the common language used by industry professionals to describe risk levels and the mitigation techniques to overcome them.

Convenience and SecurityThis assessment is critical for your organization to understand where it is today and where it needs to be tomorrow.
Many times these assessments can be provided for free from local law enforcement, DHS field agents or Security Partners like Kenton Brothers Systems for Security. It’s important to ask your partners about their certifications. Cost should not be a barrier. (Please call us for support.)

If you’re reading this and think you should take a crack at your assessment first; the Department of homeland Security and CISA have created an online assessment tool for you. You can find it here: https://www.cisa.gov/school-security-assessment-tool

2. Create an Emergency Plan based on the things you learned from your security assessment.

Once your assessment is finished, you will have a clear view of your physical space, the policies and procedures in place, and the risks you face with both. We encourage you to create an emergency plan, taking into consideration the items you’ve learned. This plan will cover all risks and scenarios you may face in the next year. We say year because this should be reviewed annually and adjustments made.

FEMA has created some very good tools to get you started. You can access them here:
https://training.fema.gov/programs/emischool/el361toolkit/siteindex.htm

They have also published a sample plan that will give you a template to follow. You can find that here:
https://training.fema.gov/programs/emischool/el361toolkit/assets/sampleplan.pdf

Convenience and SecurityAction items might include adopting new physical security measures or improving the capacity of existing measures to detect, delay, and respond to threats across various layers of the school campus.

Plans could specify the need to provide staff with communications equipment, create policies to improve responses to safety incidents and training staff on these policies, or conduct refresher trainings so that staff and students are aware of how they should respond if and when an incident is detected.

If a school has identified in the vulnerability analysis that it lacks measures to enable quick response from first responders in case of an emergency, a plan might specify what additional measures could be in place to speed that response. The goal with the plan is to ensure consistent application of security throughout the entire campus or organization.

3. Conduct drills and monthly tests of the components in your security system.

Create a culture of preparedness among faculty, staff and students by consistently drilling each of the critical hazard responses. Fire Drills, Active Shooter Drills, Tornado, Flood, etc. Providing emergency preparedness training to team members faculty, staff and students keeps top of mind awareness. It also helps keep all layers of your organization informed. It will help you see where you need to improve and adjust your plan.

Additionally, we recommend that you test all of your access control, IP video surveillance, intrusion detection, panic devices and mass notification systems monthly to insure proper working order. We also recommend that these components are cleaned and maintained on a quarterly basis. They should have their firmware and software updated at least annually as well as with any major updates recommended by the manufacturer. Your physical security provider should be meeting with your IT department regularly (twice a year) to discuss cyber security of the physical security network to mitigate cyber threats.

Drilling, maintenance, upkeep and adjustments are critical to the successful deployment of your security plan.

Convenience and Security

4. Make snap inspections of your physical grounds at least once a month.

People respect what is inspected. Security staff or designated personnel and a member of executive or administrative level team members should conduct walk around inspections of policy and procedures on a random, but consistent basis.

Leadership should ask the following questions:

  • Is my perimeter secure?
  • Is my building secure?
  • Are doors being propped open or forced open during school hours?
  • Will our system warn us when these activities are happening?
  • Who monitors the alarms that are generated when these events happen?
  • What is our policy to respond to those alarms?
  • Are all of my cameras running and recording high quality images?
  • Have I verified how many days my recordings are saved?
  • Are my cameras dirty? (At night dirt will reflect infrared light back at the lens.)
  • Are all my classroom doors locked?
  • Are all the emergency exits clear and unobstructed?
  • Do my panic buttons work?
  • Does my mass notification system work?

There are many more items we could add to this list depending on your specific scenario.

5. Partner with your local law enforcement and mental health professionals to increase awareness and outreach.

One of the sad statistics that we’ve learned over the last several years is that school or workplace violence tends to be committed by people we know. Law enforcement and mental health professionals in your area are valuable resources for assessing threat levels in human behavior. We recommend an ongoing meeting with these resources in the hopes of prevention.

One of my favorite school administration teams meets with local law enforcement, school counselors and parents to actively engage in discussions around supporting at risk youth. They call their group the “A team” and they have been very effective. By engaging early and being intentional in their support, they’ve created strong relationships with the youth, parents and teachers in their organization. The A Team has opened up communication and thwarted violent behavior before it starts.

The goal of this blog is to give you tangible steps to help you create a secure environment for your team members, students, staff, teachers, parents or customers so that they feel safe and able to thrive. If you need help going down this path, please give us a call and we will walk the path with you.

Convenience is not worth the price of a life: Security failures at Robb Elementary School in Uvalde.

Convenience and SecurityBy David Strickland, Vice President of Kenton Brothers

At the meeting point between commercial security and convenience, a decision must be made. Is the convenience worth the price of a life? This all too real scenario was laid out on July 17, 2022 in the pages of the Investigative Committee Report on the Robb Elementary Shooting.

As I write this blog, I’m heartbroken to receive the news that more life has been tragically lost due to poor execution of physical security procedures. As a father of school aged kids, and an industry advocate, I find myself concerned by what I read in the report. It has spawned new conversations with local school districts and how they are managing the risk of active shooters.

Systemic Failures and Poor Decision Making

The Texas state police released their report on the Uvalde School shooting and at the heart of it is “systemic failures and egregious poor decision making.” The report included a scathing rebuke of a culture of complacency. This coupled with a tragically flawed response led to the “loss of 21 souls stolen from their families and friends.”

At 11:33 an armed suspect walked into Robb elementary through an unlocked door. The door was unlocked for the convenience of staff members.

Convenience and Security

Convenience and Security

 

In 2019 Uvalde adopted a policy for responding to an active shooter emergency.

Part of this policy includes:

LOCKED CLASSROOM DOOR POLICY – Teachers are instructed to keep their classroom doors closed and locked at all times. Barriers are not to be used. Substitutes shall follow the same policy, with campuses ensuring they have access to the classrooms they need throughout the day. The Standard Response Protocol procedures are on the back of all of our badges issued to substitute teachers.

STAFF TRAINING – All staff members are trained annually in emergency protocols for the campus. Key campus personnel are CPI-trained.

STUDENT TRAINING & DRILLS – Students receive training on the Standard Response Protocol for lockout, lockdown, evacuate, shelter, and hold. In addition, drills are held for each of these emergency actions on a regular basis

While building security systems including Access Control, IP Video Surveillance, Intrusion detection and Weapons Detection are crucial to physical security, they are only effective if the human element of discipline and accountability to process and procedure are adhered to.

Practice, practice, practice.

Daily habits, that become routine when practiced regularly, dramatically improve the effectiveness of the security systems at any physical site. When these same habits are sacrificed for convenience, it renders your systems ineffective and risk goes through the roof. I can place a $5,000 lock at every door, but If I prop the door open because I don’t like carrying my credential with me, or I don’t like walking around the building to get back in, I have exposed every single soul in that building to a potentially tragic scenario.

I can tell myself that it’s only this one time – but it only takes one time. We don’t get to choose when or where an active shooter will bring violence to our doorstep. We can only control how we prepare and manage the risk of it happening.

The report points out that the door the shooter came in was either unlocked or propped open for the convenience of the staff to leave and reenter the building. “This practice became the norm at the school as there was no accountability from leadership around following security procedures.”

Convenience and SecuritySome will say that hindsight is 20/20.

The report goes on to point out that the school staff were trained in active shooter drills and did have a physical security plan in place, but didn’t follow it properly.

This tragedy should act as a wake-up call and an invitation to evaluate the current organizational management of your physical security systems and practices. Physical security systems, practices and procedures are designed to prevent, delay and reduce loss of life and gain precious seconds and minutes for authorities or designated personnel to respond with overwhelming force.

When was the last time you reviewed your organization’s emergency plan?

When was the last time you had drills to practice the response?

In part 2 of this series on Convenience vs. Security, we will discuss the top 5 ways to help your organization be secure and ready for emergencies.

A Tornado is Coming! Mass Notification Systems from Alertus.

AlertusBy Courtney Emra, Lead Customer Service/Sales Assistant at Kenton Brothers

Unfortunate events in recent history like the Sandy Hook and Virginia Tech shootings, Joplin Missouri Tornado, and numerous disgruntled employee and customer threats have increased the need to communicate with your staff quickly, regardless of their location. We call this “mass notification.”

Mass Notification

Present-day mass notification is different than past notification solutions, which involved dedicated locations or software that would receive an alert message. Today, mass notification systems typically include overhead speakers or paging systems to tell everyone within earshot what is happening and a lot more.

One such mass notification system is Alertus.

Alertus

The Alertus System is configurable for any situation.

Alertus can accept alerts from devices installed in multiple locations around your building, including emergency push buttons, distress buttons under desks, hotkey commands on desk phones, fire or access control systems, NOAA weather alerts, etc. Once an alert is received, Alertus sends the specified alert to mobile or desktop applications, beacons with bright strobe lights and clear tone sounders, overhead paging or phone systems, and large outdoor speakers.

We recently installed a system for a financial company that works with consumers. They knew they could face situations like an active shooter, disgruntled employee or customer, severe weather, or a medical emergency. Each of these scenarios requires unique protocols, but regardless of their requirements, the correct information must be sent to the right people without causing unnecessary panic or confusion.

AlertusScenario 1: Active Shooter or Disgruntled Person

If an employee encounters a threat, they can activate the Alertus System through various devices. They include wall-mounted and wireless activation buttons, an under-desk mounted duress button, and a hotkey combination for any VoIP system.

Once activated, the Alert Beacons display a custom message and exert a sound to get people’s attention. Their overhead paging systems announce the notification through text-to-speech technology, and every computer displays a full-screen message. The system also alerts each user enrolled in their mobile Recipient Application.

AlertusScenario 2: Tornado

The system connects to NOAA weather alerts via the internet and filters the warnings by keywords, such as “tornado and observed.” Once a critical alert is received, the beacons activate a specific message and a different sound tone than Scenario 1.

A full-screen alert containing a custom text notification overrides targeted computers, and recipients can click an acknowledgment button to close the message and provide acknowledgment to safety officials. Similar to Scenario 1, users enrolled in the mobile Recipient Application are alerted.

AlertusScenario 3: Medical Alert

The gym and maintenance shed have activation buttons to enable the System in a medical emergency. The people who need to know about the medical emergency are limited, so we don’t need to send alerts to every beacon, mobile device, etc. Instead, we can send a targeted alert to the beacon that resides with the activation button to notify occupants of the emergency.

We then activate a targeted message on the computers telling the responders where the medical event is. By notifying the people who need to know and informing them exactly where the emergency is, we limit the confusion and panic of the situation while still resolving the issue quickly.

The Alertus System is highly configurable and can be customized to fit your needs. Alertus has several integrations and numerous options for each. To learn more about mass notification systems for your business or campus, call us.