Key Control: Proper Ways of Securing Keys and Accountability

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Key ControlIn several of my blog posts, I have spoken about Key Control, setting up Master Keys systems, accountability of managing keys, and more. What I want to introduce today are the different ways to actually secure and track keys within your facility… physically and through software.

The first topic is how to physically secure keys at your facility.

There are several options out there, including standard key cabinets. There are also intelligent key cabinets such as the one pictured below. Here at Kenton Brothers, we sell and support both options and both options have a place within physical key security.

The most obvious pro for a standard key cabinet is the price. Standard boxes will have a lock, but will always require a paper trail of who has the keys. (The typical procedure is a clipboard managed by someone.)  Typically, companies require another employee to always be there when someone else accesses the box.

Intelligent key cabinets are expensive, but they provide an audit trail. Intelligent key cabinets only allow users who have a card and/or a code to get into the box. This provides another layer of security for key control. This enforces the goal of users having access to the right keys. Reports can be generated to see who has keys that are missing or who used what keys and when.

Every facility has different needs and different requirements. Kenton Brothers will help you choose the best option for physical key security.

Key Control Cabinet

The second topic is securing keys through software.

At Kenton Brothers, we utilize and sell a software program called SimpleK.

SimpleK allows the person administering keys for your company to be as high level or as granular as they want with the information to be captured. When a key is handed out, you can capture information like the following:

  • Name of the person receiving the key
  • The code of the key
  • What doors the keys can open
  • If they are supposed to return the key by a certain date
  • What hardware is on a given door
  • What department the key belongs to

SimpleK captures that data and much more.

If an employee leaves, you have an account of what keys they have. If they don’t return the keys, you know exactly what doors are exposed and the potential threat. You can use the software to track one facility, or if your company has multiple buildings, you can track other sites as well. At any given time you know who has what keys, when they were issued, what doors they’re supposed to be able to open, and what doors they’re not supposed to have access to. This concept is part of a master key plan detailed in a past blog post I wrote called, “What is a ‘Master Key System’ and why should I care?

SimpleK Key Control Software

Securing Keys in Your Facility

Securing keys in your facility is something that should be at the forefront of the security plan when handing out keys. As mentioned above, you can do this in many ways. You always want to know what keys have been handed out, who has them, and if any of them are missing. The options I’ve outlined will allow you to bring stronger security to your facility and let your employees know that you’re taking key security seriously. This directly impacts their safety!

Let Kenton Brothers, a company with 125 years of experience providing locksmith services, help you decide what type of key security is right for your facility. Give us a call!

Kenton Brothers Lockpicking Contest: Beat The Punisher and win $1,000!

By Ryan Kaullen, Field Services Manager at Kenton Brothers

The PunisherKenton Brothers has created a lockpicking challenge for 2022 called The Punisher!

Lockpicking goes back to when the very first lock was invented and at Kenton Brothers our locksmiths have been picking locks from the start to get our customers into their locked doors. So we decided to have a little fun and come up with a contest for anyone who wants to go through the gauntlet of lock picking that we call “The Punisher”.

The Rules

  • Have to pick a total of 15 locks in under 2 hours. Each lock on level 1 must be picked in 5 minutes or less. All locks on consecutive levels must be picked in under 10 minutes each. You can bank time if you pick a lock in under its required time… this time can be banked towards the next lock. If at any time you go over the time limit at any specific lock, your attempt is over.
  • Must use Kenton Brothers provided pick set.
  • Must be supervised and scheduled at the Kenton Brothers office located at 3401 E. Truman Rd Kansas City, MO 64127.
    Please call our main line at 816-842-3700 to provide name and contact info to schedule your attempt.
  • Must be done from 9am to 2pm Monday – Friday.
  • Each person is only allowed one (1) attempt.
  • Any person attempting can’t be a professional locksmith or a Kenton Brothers Employee.
  • The first person to successfully open all 15 locks under the contest time limit will be awarded $1,000.00.

We’ve been commercial locksmiths in the Kanas City community since 1897. And we are always looking for fun ways to engage with the community. This is a fun and friendly contest to show how hard it is to pick locks and provide a small insight to what Kenton Brothers does on a daily basis. Please give our office a shout today to schedule your time to give your best shot to The Punisher!

Skyrise Master Key Projects – Hundreds of Locks and Thousands of Keys

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Skyrise Master Key ProjectKenton Brothers is celebrating its 125th year of being a commercial locksmith located in Kansas City, MO. Over the years, we’ve rekeyed just about everything. One of the types of projects we really enjoy is bringing large scale buildings onto master key systems. We’ve talked about Master Key Systems previously. They provide a more secure method of key control.

Recently, Kenton Brothers rekeyed two large skyrise buildings.

Each building was over 15 floors tall, had historical sections, tenant spaces, resident loft spaces, company only spaces and general use spaces. The trick in these kinds of projects is creating a master key schedule that works for everyone involved. There are two dynamics involved… controlling access for the various use cases, and coordinating the physical project of rekeying at this scale.

Both buildings being rekeyed were built in 1939 and have been restored throughout the years to their current conditions. This type of rekey is especially fun for Kenton Brothers because we love being a part of the story of the historic buildings in Kansas City, Missouri that have been around as long (or close to as long) as our company. (We’re proud to have served the community here in Kansas City as commercial locksmiths for as long as we have!) We love working in old buildings like this because of the architecture and design of the buildings. We don’t get to work in those every day and they are beautiful.

Skyrise Master Key Project Skyrise Master Key Project Skyrise Master Key Project

There are a ton of coordination factors to contend with for these types of rekeying projects.

No matter the size of a rekeying project, we first need to create the master key system design and get it approved. Then, we have to schedule installation steps in a way that has the least impact on both commercial tenants and residents of the buildings. (They needed to be given sufficient time to prepare for the rekey.) And the historic sections in both buildings required extra time and planning as well. The most challenging parts of this project was coordination with tenants and having to be extremely careful with the historic doors in both buildings.

We physically had to remove hundreds of locks at each building and rekey them onsite. And we had to cut and stamp over 1,000 keys at each building!

Our main goal with projects like these is to improve the security for people who live and work in these buildings every single day. A master key system helps provide a great first layer of security. We provided quotes for both of these rekeying projects and finished them on time and on budget for our customer.

If your building is past due to be rekeyed, especially if it doesn’t have a master key system in place currently, let’s talk and we will help you secure your people, property, and possessions!


What is a “Master Key System” and why should I care?

Master Key Systems

By Courtney Emra, Lead Customer Service/Sales Assistant and Ryan Kaullen, Field Services Manager at Kenton Brothers

A master key system is made up of a group of locks, and the keys that operate them. They’re related in a hierarchy with one key at the ‘top’, which will fit into many locks; and many keys at the ‘bottom’ which may only fit into one lock. The fewer master key levels, the more secure the system.

A master key system allows you to know which employees have physical access to which portions of your building(s) or secured areas. These systems are designed to prevent unauthorized duplication of keys. As part of a master key plan, you designate which employees have the administrative capability to request a duplicate key or rekeying.

Whether your business is large or small, a master key system is a great addition to an existing credential-based access control solution for protecting your people, property, and possessions.

Master Key System Process

The process of setting up a master key system involves a series of critical steps to make sure your company is secure.

First, Kenton Brothers will come out and do an evaluation of your facility. This will help determine if your existing door hardware will work with a master key system and how you currently secure the facility or room in question. Next, we go over the master key plan together. This allows us to understand the hierarchy of your staff and the appropriate access for each. This authorization list tells Kenton Brothers who can request a key to be made, report a key that is lost or stolen, request technician service, etc.

Finally, once this information is gathered, we present the new key plan as well as a map that is marked to show which keys go to which access points. From there, we order the necessary parts and products for installation and schedule an installation date.

Door Hardware Additions

A common question we hear is, “How do you tie restricted cylinders with adequate hardware to match securing my facility?” Kenton Brothers has options!

Grade-1 or Grade-2 hardware are the best options from the top manufacturers in the industry. Grade-1 not only is the top for commercial installations, but it also increases security from vandalism and heavy usage. (Like exterior doors with a higher traffic flow in and out.) Grade-2 meets light commercial and is more than enough for residential scenarios. (Like interior doors, such as storage closets, HR offices, and lower traffic flow areas.)

Master Key System Maintenance

Tri-FlowThe most critical thing to know when it comes to maintaining a master key system, is to never use WD-40 in the locking mechanism! There’s a specific graphite spray, called Tri-Flow, made for cleaning out master key locks. Kenton Brothers can come on site to take care of that with a maintenance program, or we can sell you cans of the appropriate spray if you want your facility staff to maintain the locks.

Ongoing maintenance of a master key system is important. It’s critical to keep your locks maintained at least annually, especially during the cold and salty winter months.

If you don’t currently have a master key system in place at your organization, we would love to help you set that up! Please contact us and we will have a conversation about your current situation and what it would take to implement a master key system in your office space or across multiple buildings.

Red Team Testing: It’s the 1992 “Sneakers” movie in real life in 2022.

By David Strickland, Vice President of Kenton Brothers

1992 Sneakers Movie Poster

The 1992 movie Sneakers, starring Robert Redford and Dan Aykroyd, was about a Red Team that was hired to break into companies all over San Francisco.  They were hired by the same companies they were trying to break into. This was done to test their security measures (both Physical and Cyber) – What we like to call “convergence” these days.

Robert Redford’s Red Team was made up of both physical security experts (a thief and a federal agent) and cyber security experts (a hacker and electronic technology expert). Their mission was to test and penetrate the defenses of the target company to point out any weaknesses. If vulnerabilities were found, the company could shore up their defenses and make their company more secure.

Fast forward 30 years to 2022. The Red Team Testing technique is still in full swing.

Red Team Testing is still the pinnacle of testing your security systems so that you can determine your risk of exposure. The Red team will look at every aspect of your convergent security systems and create a detailed report on your weaknesses.

Red Teams ask the question – What would happen if your company was faced with some of the following scenarios?

  • Active Shooter
  • Cyber Attacks (Internal and External)
  • Industrial Espionage
  • Theft (Physical, Digital, Intellectual Property)
  • Sabotage
  • Power outage
  • Mass Casualty event (Weather, explosives, Chemical)
  • Pandemic
  • Work Place Violence

Here are a few of the techniques Red Teams will use to test your company’s exposure level:

Physical Security Penetration Testing:

Red Team TestingRed Teams will test physical penetrations with your company’s physical assets (buildings, vehicles, networks, people) and measure the company’s response and how long it took to detect and act on those tests. They will measure the effectiveness of your policies and procedures and how they affect your deterrence and detection systems.

The Red Team will pose as employees or service providers to gain access to your company’s inner workings. They may also attempt to break into see what is possible and if they get caught. They’re looking for assets they can compromise and gain access to while on the inside.

Did your coworker leave proprietary information on a white board for all to see? Did everyone sign out of their workstations? Are your access control doors propped open for easy access? If someone unplugged one of your surveillance cameras and plugged it in to their laptop, could they gain access to your network? Can they connect a thumb drive to your server? Could they sneak a weapon in? Have all of your Internet of Things (IOT) devices had their default usernames changed? The list is long.

Cyber Security Penetration Testing

Where physical penetration testing might seem like a hammer, think of cybersecurity testing as a scalpel. Red Teams utilize web application attacks, such as cross-site scripting, SQL, piggybacking, injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities. These types of risk include stealing data, intercepting private/confidential traffic, asset discovery, exploitation and complete shutdown. As we all have become aware, Ransomware is a true and present threat to every size of business.

In the complex cybersecurity landscape, penetration testing has become a must for most industries. In many, in fact, it’s required by law.

For instance:

  • Health organizations ensure healthcare data security under HIPAA
  • Financial institutions test for FDIC compliance
  • Businesses accepting or processing payment cards must comply with Payment Card Industry standards
  • Critical infrastructure entities must follow guidelines outlined by NERC

Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more.

The End Game

What does all this sneaking around mean and why should you care? Red Team Testing allows you to identify and exploit your security weaknesses without the impact of debilitating consequences. From a Red Team’s report, you can adjust your response to the threats that you see as your biggest exposure. You’ll have the ability to identify specific weaknesses and the best approach for shoring them up.

Breaches Happen Every Day – Here’s an example.

One story about a Red Team that comes to mind was about a team that created malware laced thumb drives. And they labeled them with the contracted company’s logo to make them look official. The Red Team followed several employees to a local convenience store and would drop these thumb drives by their car door when the employee would enter the store. When the employee would come back, they would see the logo and thumb drive and assume they had dropped it. They would dutifully pick it up and bring it back to work with them. Curious about what was on the thumb drive, they would insert it in the USB port on their workstation and physically introduce malware to their cyber network. Game over.

This is a great representation of the techniques a red team employs to gain access. They used social engineering to “hack the employees” and defy the policy of no outside USB connections on the network. It seems innocent enough to the employee, however the vulnerability was able to exploit the banking information of a large regional bank. Fortunately, this was a test. Only a test.

Security Systems and Processes have the best chance for success when they’re working in unison. You may have the best security system in the world, but if you forget to arm it, it’s useless. Red Team testing allows you to test both systems and processes.

Interested in how this testing could help your organization? We can help! Please reach out today and we will discuss exactly how Red Team testing can increase the protection of your business.