Is anyone really monitoring your security activities? You’ve invested so much…

By Kevin Whaley, CPP, Sr. Security Consultant at Kenton Brothers

Prior to the September 11 terrorist attacks on the World Trade Center and the Pentagon, the most significant threat to the United States was the former Soviet Union. At that time, governments believed that only foreign state actors or representatives posed a significant threat to national security. Security measures were based around this belief that a great security threat only existed in the form of state actors, putting the responsibility for security into the hands of the government.

Today the threat of attacks and their intended targets has expanded to not only government entities, but private organizations as well. These attacks have evolved from identifiable state actors, to adversaries with no state affiliation. The conflicts of today are no longer fought on open battlefields – but instead fought daily against adversaries who are not easily identified. Similarly, much like our adversaries have evolved, so have their tactics. When new protection measures are implemented, adversaries adapt their tactics, and so the cat and mouse game continues.

Goals of a Security Program

The importance of an Annual Security Audit

The goal of any security program is to deter, detect, delay, and respond as efficiently and effectively as possible. To achieve this, organizations must regularly re-evaluate their security programs to ensure that they are staying up to date with current technologies, best practices, and the modus operandi used by adversaries. Failure to do so will only increase the vulnerabilities and risks to the organization. It is current best practice, and recommended by security professionals, that a security assessment be conducted annually to help ensure your organization is mitigating risks or minimizing the consequences.

Unfortunately, there is no “one-size-fits-all” approach to conducting a security assessment. Depending on your industry, there may be minimum standards that must be met, which can assist you in development and evaluation of your security program. However, each assessment must be tailored to each organization’s unique operating environment.

The basics of any security assessment should consider items including but not limited to:

  • Policies
  • Processes/Procedures
  • Crime Analysis
  • Historical Incidents
  • Critical assets
  • Threats
  • Vulnerabilities to those threats
  • Risks associated with threats
  • Security systems operational capabilities
    • Access Control
    • Video Surveillance
    • Intrusion Detection

Annual Security Evaluation

Conducting an annual evaluation of at least the aforementioned items can help your organization ensure that your security program is operating as intended, identify areas for improvement, and stay up to date with industry best practices. These assessments can typically be completed by in-house security personnel or by third-party consultants.

In-house assessments are beneficial since in-house personnel typically already have the institutional knowledge and may know what the issues and/or possible solutions are. However, the old adage of “if it’s not broken, don’t fix it” usually comes into play. In-house assessors may be “complacent” during the assessment. I don’t mean that they get lazy or lack attention to detail, but rather that they have a higher probability of overlooking potential issues simply because they are used to them, thinking “That’s how it’s always been,” or “Well, that type of incident will never happen here.”

An example to consider…

My favorite example of this exact scenario playing out comes from when, while working for a former employer, we were attempting to sell a consulting project to a client. During one of our meetings, one of the executives stated, “I don’t know why we need to do this assessment. Nothing has happened here and really what are the chances of [incident] happening?” Less than two months later, that exact incident occurred. The next week, I received a call from the same company, asking us to please do the assessment. The security leadership already knew a lot of what we explained in our report, but recognized quite a few issues that they had been overlooking for years.

Additionally, in-house assessments may typically have a harder time getting buy-in from management or the executive team. An outside consultant can assist in providing an outside perspective. They are able to look at the program with a fresh set of eyes and identify issues that may have gone previously unnoticed. Additionally, a consultant can offer substantiation to the findings and recommendations. Not only should a thorough assessment contain “findings” and “recommendations” but should also explain the why and how behind them and how they can be harmful or beneficial. Consultants can also offer insights into similar environments and experience from other industries.

Vetting Security Consultants

It is just as important to thoroughly vet any potential consultants as it is to conduct a proper security assessment. Professional security consulting services should be completely technology and product agnostic. Look for consultants with professional designations (i.e. CPP, PSP, CSC). These show that the professional stays up-to-date with the latest best-practices through continuing education and can provide unbiased, objectively based information to the end user. Make sure to identify other assessments they’ve done, ask for references, and even a sampling of their work so that you can gauge the quality of the assessment and report.

The assessment report identifies the findings and recommendations of the assessment. This is the meat and potatoes of the report and in my opinion, the most important. The content and level of detail of the report will be based on the scope of work. This report tells the story of the security posture. This is meant to be a medium to communicate to the management/executive team or decision makers. The report should be answering who, what, where, why, and how. I did not include “when” because the occurrence of a future incident can’t be determined. If we could predict a security incident, we security professionals would be out of a job! Each “finding” should be clearly defined in the report, with details of what the finding is, why it’s bad, how an adversary may take advantage, and potential risks. Similarly, each finding should be followed by one or more recommendations to mitigate it. Again, this should also include what, why it’s beneficial, and how it may improve security and mitigate the finding. I emphasize “may” because unfortunately, nothing is 100% preventable. A truly determined and dedicated adversary will find a way. In other words, show me a 10’ fence and I’ll show you an 11’ ladder.

These detailed narratives again are used to tell a story and should help to obtain buy-in needed. The report may truly be the “make or break” factor in making decisions regarding security program changes.

While conducting an assessment, part of my responsibilities included reviewing previous assessments that were completed for an organization. What really struck me was the overwhelming lack of detail and reasoning in the report. For example, a “finding” in the report stated, “The parking lot is not sufficiently illuminated.” And the recommendation was, “Recommend install more lighting in parking lot.” Wow!

Types of Security Recommendations

Not only are the details of the report important, but just as important are the types of recommendations. There are numerous people who claim to be a “security expert” or “consultant” when in reality they may have little to no experience in this field. Or they may be trying to sell you their own products and their recommendations are based around what products/services they offer as a company. This can lead to unnecessary recommendations, which can mislead the client and may cause them to spend lots of money on something that may not truly be needed.

Sometimes, the best solution may be a simple one. Not everything needs to be solved with technology or a person. Sometimes, the best solution is possibly an administrative change. Maybe something can be mitigated with a new policy or procedure, training, or just a simple discussion. Again, sharing an example from my experience, during my time with a previous organization and during my initial assessment, I noticed that there was security technology installed in places that were completely unnecessary or used inappropriately. A fifth-floor balcony, with no other means of access besides the doors leading to the balcony itself, had card readers leading into the building. When I reviewed the previous report, it literally stated that someone could grapple up to the balcony and gain entrance. Possible? Yes. Probability? Very low if not non-existent. So the organization had spent thousands of dollars on something that could have been solved with a mechanical lock like a deadbolt on the inside of the door. Additionally, they had fisheye cameras installed in areas that these cameras weren’t designed for. They were on exterior walls, monitoring doors, hallways, etc. The cameras weren’t being used to their full potential, and ended up costing thousands more than installing a different camera that would have worked better for the desired field of view. Those fisheyes I mentioned? Half of the field of view was a brick wall.

Product/Service Agnostic

Finally, if you do use a third-party consultant, it’s important that they are completely product/service agnostic. Their reports should not recommend specific products. Instead, they should keep recommendations generic. For example, instead of recommending a brand of video surveillance, the recommendation should be “a video surveillance system”. However, they should include what types of functions it should be able to accomplish and other general specifications. They may also provide examples of brands. In my reports, I would state, “recommend video surveillance system that can… (i.e. Brand, Brand 2, other).” This way, it’s left to the client to decide which products will meet their needs.

In conclusion, conducting an annual security assessment can help ensure your security program stays up to date and is operating as intended, and can identify areas for improvement. Whether it’s done by in-house personnel or third-party consultants should be carefully considered. However, it’s highly recommended that a third-party consultant be used in an alternating manner with in-house assessments. For example, maybe an assessment is completed in-house, but every other year or third year a consultant is utilized to help keep the assessments unbiased and to allow for a fresh viewpoint on the security program.

At Kenton Brothers, we have a team of certified security professionals that have years of experience conducting assessments in industries across the board from education, critical infrastructure, local/state/federal organizations, healthcare, correctional facilities, etc. Our consultants remain dedicated to ensuring that we are able to help you protect your people, property, and possessions. We are here to assist you in making the decisions that work best for you and your organization.

For more information regarding security assessments, please give us a call.

Start Strong, Finish Strong – 1 Customer, 9 Schools, 5 Different General Contractors

By Ryan Kaullen, Field Services Manager at Kenton Brothers

In early May of 2021, Kenton Brothers was notified that we had won a commercial security project for a local school district that included 9 different school remodels with access control additions to each of the remodels. Included in the project were IP based intercoms, door release functions, web relay interfaces, and ADA integrations.

Kip Phillips was assigned as the Project Manager and I knew right away he had to Start Strong and Finish Strong because of several unique scenarios within the project.

Some of these potential challenges included:

  • Kenton Brothers was contracted directly with the school district and not the General Contractors
  • There were 9 different timelines that may or may not align depending on other trades
  • There were part logistics issues due to supply chain problems
  • Coordination with the General Contractors to ensure we installed our equipment at the right time

Kip knew that being properly prepared would allow him to maintain control of the project and be able to ensure its timely completion.

Relationship is Crucial in Complicated Projects

Kenton Brothers’ prior relationship with the school district allowed us to not only win the job but also design exactly what the customer was needing. Coordination began from there to align the timeline put out by the General Contractors to match what we were installing. Due to COVID, getting the parts we were contracted for took longer than normal. But there were also wait times on the parts that were needed from other trades to complete the projects.

Kip was in constant communication with everyone involved: checking to see when parts were going to be delivered, getting them into our techs’ hands, and making sure the doors were in and ready for us to install the parts.

Timelines were a huge coordination component of this project. As doors and frames arrived, we had to get wiring in place so we wouldn’t get sealed out of physical places we needed to be. Sometimes, the notice that a door and frame had arrived was communicated to us the same day it was going to be installed. (Labor nightmare.) Kip had to shuffle a tech (or techs) off of one job and race over to the school district to make sure wiring was put into place quickly and correctly.

A lot of what Kenton Brothers had to do was contingent on other trades getting their work in place before we could do our work. This reality put us in a major time crunch to complete everything by the start of the school year.

Doing the Work

Kip was able to manage hundreds and hundreds of man hours spanning just a few weeks. He was able to keep everything in perspective by scheduling and organizing the techs efficiently. They knew what their tasks were each day, and they received the parts they needed.

Kip regularly attended weekly construction meetings to stay on top of everything and he provided feedback to the General Contractors, always being mindful of our deadlines. Being in constant communication with the techs, the school district, and the GCs allowed him to know where the projects stood at all times.

It helped that Kenton Brothers also had senior techs on the project… this allowed for good feedback back to Kip and our customer. The communication, the coordination, the anticipation of needs, and the strong project management allowed this project to finish successfully and on time. Our customer is happy!

This project properly aligned with the #KBWay of protecting people, property, and possessions. And we love the satisfaction of completing a project that will help the school district protect the kids and staff that work and learn in their buildings every day.

Core Value: Continuous Learning – Electric Strikes with Assa Abloy

By Gina Stuelke, CEO of Kenton Brothers

In a technology company like Kenton Brothers Systems for Security, constant focus on opportunities to refine our core values is always the goal.

Continuous Learning

Continuous learning is one of those core values and it’s imperative to keep us at the top of our game. As you’ll see in the pictures, some of our security specialists take their training opportunities very seriously! Our team had a blast learning the latest electric strike installation techniques at a recent training event sponsored by Assa Abloy, the largest global supplier of intelligent lock and security solutions.

An electric strike is an electrified locking device. These are cut into the jamb of a commercial door to work with a card reader and a commercial access control system to secure an opening. It’s important to know how to survey the door opening properly by evaluating the existing door and frame as well as the existing mechanical locking mechanism to determine if an electric strike is the correct product to do the job.

There is an art to properly cutting the strike into the metal frame of a door. It’s not for the faint of heart!

Great job Team KB! Thank you for investing in your skills and adding value to what we can bring to our customers!

Remember when security just meant a good set of keys?

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Kenton Brothers was opened as a commercial locksmith in Kansas City in 1897 by two brothers, William and Leon Kenton, and is still located in the heart of Kansas City to this day. From the beginning, the mission has been to protect people, property, and possessions, but locksmithing has changed over the past 120+ years! Today, keys look very different than the skeleton keys of the past. We now have electronic machines that cut keys, and we even have software programs that will keep your master key system organized and in check.

But what else has changed?

As most people remember from growing up, it was not uncommon to see school janitors, maintenance employees, or even property managers walking around with huge rings that looked like they had 250 keys on them and weighed 50 lbs. The days of someone carrying around that many keys are coming to a close as keying systems have advanced, access control is becoming ever more prevalent, and keying software has allowed keying systems to be more easily managed. Things change (and a lot of times for the better). Leon and William Kenton even knew that back in the early 1900s. They knew that they had to take care of the customer, innovate, offer more than their competitor, and provide remarkable service to continue to grow.

So how does this information benefit you or the company you work for?

With more advanced methods of key control, by knowing who has what keys, by knowing how to properly protect your people, property, and possessions, and by granting access to certain areas, you can cut down costs, reduce the number of keys people have, and benefit from a mechanical security system that complements your access control system. And an advanced method of key control can be its own mechanical access control system.

Even a century ago, William and Leon knew that a good master key system could be designed to incorporate security and convenience for the users. How? By gathering important information at the preliminary ‘keying meeting’ where the details to design the master key system are discussed. One tip for a successful design is to incorporate the company’s organizational layout (users of the keys) with the building layout of where the doors are located. It’s also important to gather information about future changes or potential growth anticipated. A good master key system makes it easy for those that need access to multiple rooms. It also increases security by only granting access to needed areas and not the entire floor.

We’re here to educate.

From the beginning, Kenton Brothers has worked to educate our customers, help understand their needs, and promote all the offerings in the marketplace that will properly secure their facilities. Kenton Brothers may have started as a locksmith who also fixed umbrellas and sharpened mower blades to make ends meet. But as the decades have passed, we’ve developed into more than just a large and growing commercial locksmith in Kansas City. Our other offerings include Access Control, IP Video, Intrusion Detection, and more. These systems all work together to provide a layered approach for securing facilities.

Let the Kenton Brothers team of dedicated employees show you how we can protect your people, property, and possessions and keep you All Secure!

All chips great and small. How microchips are holding the security industry hostage.

By David Strickland, Vice President of Kenton Brothers

You may have heard… There is a chip shortage. Current projections by industry insiders say that things will return to normal in early 2023. Last month, STMicro CEO Jean-Marc Chery said that while “things will improve in 2022 gradually,” normal product availability won’t return “before the first half of 2023.”

Many factors have caused the shortage, including the pandemic, a fire, and a drought. There are only a few microchip manufacturers across the globe. With the NDAA (National Defense Authorization Act) marginalizing Chinese chips in the American marketplace, it comes down to three plants available to the security industry. One plant had a major fire last year that impacted its ability to produce chips as late as August 2021. The largest facility, located in Taiwan, has been affected by a severe drought over the last 18 months. The factory requires 63 tons of fresh clean water a day in production. These factors, as well as an all-time high in demand, have led to a crushing shortage.

Major car companies are projecting 110 billion in losses in 2021 by not having enough chips to meet demand. If you have recently tried to rent a car, you’ve seen it firsthand. Car rental companies all over the globe have sold off their stock because they’re getting premium prices with the new car shortage. Simply stated, there are fewer cars to rent, so the price has inflated with demand.

How is this affecting the security industry?

Some manufacturers have recently issued warnings that some product lines won’t be available for 18 weeks, or until February 2022. A security manufacturing insider recently shared, “Make no mistake, if a component has a chip in it, it will be delayed. This problem affects everyone involved, from the manufacturer all the way to the end user.”

Current estimates for many components : (09/21)

  • Commercial IP Video Surveillance : 8-18 weeks
  • Access Control Components : 6-18 Weeks
  • Doors Frames and Hardware : 8-12 weeks
  • Hardwood Doors : 12-18 weeks
  • Servers and Switches : 8-12 Weeks

So if this is the obstacle, how do we solve it?

Kenton Brothers Systems for Security has been around a long time and has some experience dealing with obstacles. We’ve been through two world wars, the Great Depression, the Great Recession and 5 pandemics. 123 years has taught us something. There’s always a way to get it done.

Top 5 Tips for overcoming the great Chip Crisis of 2021 – Security edition

1. Communication

(The number one way to overcome the chip crisis.)

Have regular meetings with your customers and help them understand their choices. No one likes to be confronted with a no-option crisis. At Kenton Brothers, we like to come with solutions. You won’t be defined by having a global chip crisis. You will be defined by how you respond to it. Options, planning, and communication all work together to overcome any obstacle.

The reality of the chip crisis is that it will affect your business. The response to the crisis is what counts.

2. Substitute

Have a list of resources available to use for substitutions. If one manufacturer is out of a component, understand what you can replace well before you start the project. Managing this is key. Many integrators are surprised daily with bad news of delivery.

3. Go Old School

Temporarily using mechanical solutions will still work for access control. Prep the doors for electronic locking devices, but use mechanical locks until the electronic components arrive.

4. Monitor specific serve times for the manufacturers you use most.

Many manufacturers have portals you can utilize to track current part serve times. Call your manufacturer’s rep to get the inside story.

5. Plan Ahead.

Understand the serve times and roll that into your Gantt charts for your project. Understand that you will need to order a lot earlier than you normally would to meet the construction deadlines.