Are you running up your Security Debt?

By David Strickland, Vice President of Kenton Brothers

Security DebtOver the last 10 years, companies, schools, churches and local government entities have invested billions of dollars in improving physical security to reduce risk and keep their people, property and possessions safe. As crime has increased, security directors and those responsible for security have done their best to meet the challenge and adapt to the threat levels they face.

With the increased speed of technology advancements, the sophistication of criminals evolving and the reduction of qualified workforce to run and maintain the physical security equipment, organizations find themselves getting deeper and deeper into ‘Security Debt”.

Security Debt: The inability to maintain and service existing physical security systems to their proper functioning standard.

Security Debt begins with smaller things like not acknowledging alarms and alerts in the access control system. Or maybe your organization hasn’t had the normal lobby guard back since the pandemic. Maybe your organization has skipped the last few camera cleaning trips around the building because there isn’t enough time to get to it this month. Sometimes it’s a policy or procedure that no longer is followed like inspecting and locking the doors when school starts.

The good and bad news is that you’re not alone. Organizations just like yours are facing the same struggles. The Security Debt piles up month after month.

Security Debt vs the US Debt Calculator

A snapshot of the realtime US Debt Clock. For an updated view, please visit https://www.usdebtclock.org.

The biggest issue with Security Debt is that it won’t go away on its own. Just like credit card debt that millions of people have, Security Debt gets bigger every month when we don’t actively manage it. The interest compounds and we press against the debt ceiling hoping we don’t have an emergency that exposes our liability. This emergency might appear as a system failure, a missed internal theft or a major life altering event.

An estimated 81% of physical security systems are not currently up to date with firmware and software updates.

Just like financial debt, you must make a plan to get out of Security Debt.

Here are our suggestions on how your organization can get out of Security Debt:

Make a Plan – Yes, I know we just said that, but it’s worth repeating.

  • Bring together the key shareholders in your organization and document the Security Debt you are acquiring.
    • What physical security systems do you have deployed? (Access control, IP video surveillance, intrusion detection, duress systems, mass notification, lobby and guest management, weapons detection, physical security guards, perimeter fencing, parking control.)
    • What type of maintenance and upkeep do these systems need to be kept in optimal operating status? (Cleaning, adjustments, firmware and software updates, alarm and signal maintenance, periodic testing, inspections.)
    • What are your resources to complete the maintenance and upkeep lined out above?
  • Create a timeline and responsibility matrix
    • Who is responsible for what task and by what date?
    • What resources are needed? (Budget, People, Contractors)
  • Change your policies and procedures to match the current business environment
    • Automating the lobby so that a guard is not necessary
    • Changing locks to always be locked and unlocking only when passing through
    • Outsource your ongoing system support
  • Report back progress monthly
    • It’s important to close the loop
    • Reprioritize if necessary
    • Share best practices

Security DebtOne of the best ways to get rid of this debt is to outsource the maintenance and support of your systems. Establishing a relationship with a trusted security partner such as Kenton Brothers Systems for Security is something we would love to talk with you about. Think of us as a fractional Chief Security Officer. Kenton Brothers has manufacturer trained personnel to help maintain your investment as well as manage your daily alarms, annual firmware upgrades and ongoing operating system updates. We have certified physical security experts on staff that can help create policy and procedures for your specific situation.

You have other things to concentrate on. Let Kenton Brothers Systems for Security help you get rid of your “Security Debt”. Let’s talk!

Top 5 ways to keep your school, business or organization secure and ready for emergencies.

Convenience and SecurityBy David Strickland, Vice President of Kenton Brothers

With the recent events in Uvalde, we are reminded again how critical security systems are and the role they play in protecting people, property and possessions. In Part 1 of Convenience vs. Security, we discussed some of the missteps at Robb Elementary and how those choices led to loss of life. In this blog, we will be discussing 5 things you can do today to help reduce risk in your school, business or organization.

1. Have your local law enforcement agency or trusted certified security partner conduct a thorough physical security site assessment.

This physical sight survey is part of an open and honest conversation. A thorough all-hazard threat, vulnerability, and risk assessment will take some time and involve all stakeholders or a representative from each group (Students, Staff, Administration, HR, IT, Parents, Legislatures) the more people involved the better. This assessment will review policies and procedures as well as identify the physical security components that make up your organization’s campus or grounds. It will highlight your current situation and the risks that you face. It will help you understand the common language used by industry professionals to describe risk levels and the mitigation techniques to overcome them.

Convenience and SecurityThis assessment is critical for your organization to understand where it is today and where it needs to be tomorrow.
Many times these assessments can be provided for free from local law enforcement, DHS field agents or Security Partners like Kenton Brothers Systems for Security. It’s important to ask your partners about their certifications. Cost should not be a barrier. (Please call us for support.)

If you’re reading this and think you should take a crack at your assessment first; the Department of homeland Security and CISA have created an online assessment tool for you. You can find it here: https://www.cisa.gov/school-security-assessment-tool

2. Create an Emergency Plan based on the things you learned from your security assessment.

Once your assessment is finished, you will have a clear view of your physical space, the policies and procedures in place, and the risks you face with both. We encourage you to create an emergency plan, taking into consideration the items you’ve learned. This plan will cover all risks and scenarios you may face in the next year. We say year because this should be reviewed annually and adjustments made.

FEMA has created some very good tools to get you started. You can access them here:
https://training.fema.gov/programs/emischool/el361toolkit/siteindex.htm

They have also published a sample plan that will give you a template to follow. You can find that here:
https://training.fema.gov/programs/emischool/el361toolkit/assets/sampleplan.pdf

Convenience and SecurityAction items might include adopting new physical security measures or improving the capacity of existing measures to detect, delay, and respond to threats across various layers of the school campus.

Plans could specify the need to provide staff with communications equipment, create policies to improve responses to safety incidents and training staff on these policies, or conduct refresher trainings so that staff and students are aware of how they should respond if and when an incident is detected.

If a school has identified in the vulnerability analysis that it lacks measures to enable quick response from first responders in case of an emergency, a plan might specify what additional measures could be in place to speed that response. The goal with the plan is to ensure consistent application of security throughout the entire campus or organization.

3. Conduct drills and monthly tests of the components in your security system.

Create a culture of preparedness among faculty, staff and students by consistently drilling each of the critical hazard responses. Fire Drills, Active Shooter Drills, Tornado, Flood, etc. Providing emergency preparedness training to team members faculty, staff and students keeps top of mind awareness. It also helps keep all layers of your organization informed. It will help you see where you need to improve and adjust your plan.

Additionally, we recommend that you test all of your access control, IP video surveillance, intrusion detection, panic devices and mass notification systems monthly to insure proper working order. We also recommend that these components are cleaned and maintained on a quarterly basis. They should have their firmware and software updated at least annually as well as with any major updates recommended by the manufacturer. Your physical security provider should be meeting with your IT department regularly (twice a year) to discuss cyber security of the physical security network to mitigate cyber threats.

Drilling, maintenance, upkeep and adjustments are critical to the successful deployment of your security plan.

Convenience and Security

4. Make snap inspections of your physical grounds at least once a month.

People respect what is inspected. Security staff or designated personnel and a member of executive or administrative level team members should conduct walk around inspections of policy and procedures on a random, but consistent basis.

Leadership should ask the following questions:

  • Is my perimeter secure?
  • Is my building secure?
  • Are doors being propped open or forced open during school hours?
  • Will our system warn us when these activities are happening?
  • Who monitors the alarms that are generated when these events happen?
  • What is our policy to respond to those alarms?
  • Are all of my cameras running and recording high quality images?
  • Have I verified how many days my recordings are saved?
  • Are my cameras dirty? (At night dirt will reflect infrared light back at the lens.)
  • Are all my classroom doors locked?
  • Are all the emergency exits clear and unobstructed?
  • Do my panic buttons work?
  • Does my mass notification system work?

There are many more items we could add to this list depending on your specific scenario.

5. Partner with your local law enforcement and mental health professionals to increase awareness and outreach.

One of the sad statistics that we’ve learned over the last several years is that school or workplace violence tends to be committed by people we know. Law enforcement and mental health professionals in your area are valuable resources for assessing threat levels in human behavior. We recommend an ongoing meeting with these resources in the hopes of prevention.

One of my favorite school administration teams meets with local law enforcement, school counselors and parents to actively engage in discussions around supporting at risk youth. They call their group the “A team” and they have been very effective. By engaging early and being intentional in their support, they’ve created strong relationships with the youth, parents and teachers in their organization. The A Team has opened up communication and thwarted violent behavior before it starts.

The goal of this blog is to give you tangible steps to help you create a secure environment for your team members, students, staff, teachers, parents or customers so that they feel safe and able to thrive. If you need help going down this path, please give us a call and we will walk the path with you.

Project Spotlight: Allen County Sheriff’s Office

Allen County Intercom ProjectBy Neal Bellamy, IT Director at Kenton Brothers

The Allen County Sheriff’s Office intercom system is part of the critical infrastructure that allows communication throughout the detention center. It serves as a tool for safety and security for officers and detainees equally. The existing system was operational, but aging. As part of the critical infrastructure, we needed to make sure it stays operational as well as make it possible to add future capabilities.

The server room is tight.

Allen County Intercom ProjectWith two equipment racks and cabinets on the wall, there wasn’t much room for testing and repairing any failed equipment. Every wire was in conduit extending down to the racks and cabinets, adding further difficulty to any troubleshooting. Replacing the intercoms was also our opportunity to re-organize the server room, consolidate equipment and remove one of the racks.

Because of the importance of the intercom system, it could not be offline while we weren’t physically there working on it. The idea was to organize and label the wires, then take the system, disconnect the wires, take out the rack, install the new rack, and re-connect the wires in one day. Then with the intercom operational again, we could clean up the other items around the server room and remove the empty rack.

This story is not about how things went perfectly. You know how people say “Man Plans, and God Laughs.”; This was one of those days. Today’s story is about how the KB team relied on knowledge, experience, and determination to overcome some difficult situations and meet our customer’s needs. #goteam

When we arrived, there was trouble with a shower valve.

Allen County Intercom ProjectThis cost us a couple of hours right off the bat. It was important to the customer, so we switched priorities to take care of them. Charlie, one of our project team members, got called away on a personal matter. Family comes first, so Jeremy and I wished him safe travels and hoped everything would be OK. (Thankfully, they are.)

Jeremy and I got started. It’s easy to say during project planning that we would just disconnect and reconnect the wires, but I think we underestimated what disconnecting and reconnecting 400 wires would actually take. Especially when everything was in conduit. After getting started at about 10 am we executed the plan. We stuck it out until about 7:30 pm when we finished connecting the last wire. With the new rack and new system in place, we were ready to start testing.

Wouldn’t it be great if everything was turned on and worked perfectly?

That just wasn’t the case. After about an hour of troubleshooting, we had to make a call. We couldn’t leave without a working intercom system, so we decided to put the old system back into play. A large portion of the project had been completed with the cabling and rack work. And we knew it would be a good idea to get to a stopping point and regroup. All the wires could stay in the rack, so we re-racked the old equipment and re-connected the intercoms and made sure everything was working. With the system back up and operational, we called it a day at 9:45 pm.

With the new rack in place, we decided to continue the server room clean-up while troubleshooting the new intercom system. Charlie was back in action. He and Jeremy continued working on the server room while I took the intercom back to the workbench at Kenton Brothers. After stepping through each component of the intercom system, we found the culprit. (It seems like it’s always the $10 part that fails.) After replacing the faulty part, Charlie was able to make a return trip to the Allen County Sheriff’s Office to reconnect the new intercoms and leave a more organized server room.

The difference is drastic as you can see in the before (left) and after (right) pictures.

Allen County Intercom Project - Before Allen County Intercom Project - After

Allen County Sheriff’s Office has a new intercom system that will serve them well for many years. And they have a server room with more space and much better organization. This will allow future equipment additions and troubleshooting to be done efficiently.

We are proud to be partnered with the Allen County Sheriff’s Office for their commercial security needs. This was a challenging and rewarding project!

Strong Passwords and Multi-Factor Authentication are no joke.

By Neal Bellamy, IT Director at Kenton Brothers

If you’ve been following us for any length of time, you know that Kenton Brothers is all about your physical security. Today, I’d like to talk a little about a different kind of security… your digital security.

Strong Passwords

Over the past decade you should have got the message to use strong passwords. (Probably too many reminders… but are you still using the same, easy to remember password for all your accounts?)

Passwords like “JackAndJill” and “123456” are fairly easy to hack with brute force methods. Also, as more and more data breaches occur, hackers gets access to lists of usernames and passwords. So even if you did come up with the “un-hackable” password and it got leaked, it’s now compromised.

Is your password on a list somewhere?

Kenton Brothers: Strong Passwords and Multi-Factor AuthenticationDid you know there is a website that can show you how many times your password has been recorded in data breaches? The website is haveibeenpwned.com. You can go there to see if your email or password has shown up on hacked lists. By the way, there is no such thing as an unhackable password. Given enough time, with enough resources, any password can be cracked. It seems pretty dire, doesn’t it? However, there are even better ways to protect yourself.

Passphrases

One way to help protect yourself is to use stronger passwords. Better yet, use passphrases. A passphrase is generally longer than a password, which makes it harder to guess, but easier for you to remember. Think of phrases that you use around your family and work-family and use those phrases as passwords.

For example, my family is pretty sarcastic. So when talking to my daughters about getting asked out on a date, my suggested response for them is “HaHaHaYouInsignificantFool”. Throw in a couple of numbers and special characters and you’ve got an easy to remember, secure password. Just remember… not only is it important to have strong passwords, but you’ve got to change them somewhat frequently.

Password Managers: A Unique Password for Every Website

Another way to protect yourself is to use a unique password for each system or website that you use. Unfortunately, this strategy is harder to implement than it seems. I probably have 100+ unique systems and websites that I would need to remember the unique password for. My brain just doesn’t have that kind of storage. That’s where password managers come into play.

A password manager can remember the passwords for you. You just have to remember the master password for the password manager software. There are lots of options out there. Just Google “password manager” to get started. Some of the most common are LastPass, Roboform and Dashlane.

Password managers can be a little cumbersome, like when I’m browsing from my phone rather than my laptop. However, for important accounts with stored credit cards or other personal information, it’s worth the minor inconvenience.

So far, we have just been talking about passwords. An inherent weakness of a password, besides a weak password, is that they’re a single “key” you need to know to gain access to an account. Even better than a strong, unique password is to pair that password with another form of authentication.

Multi-Factor Authentication (MFA)

Kenton Brothers: Strong Passwords and Multi-Factor AuthenticationA lot of websites, including Facebook, Google, and Office365, allow Multi-Factor Authentication (MFA). Multi-Factor Authentication makes sure you are who you say you are by asking for an additional “key” in tandem with your password. MFA can be PIN texted to your phone, an app on your phone that has a PIN that changes every 30 seconds, or a notification on your phone that verifies asks you to confirm you’re trying to log into your account. MFA is easier to use, easier to set up, and more secure than a solitary password.

MFA can be required every time you log in, or only when you’re logging in from a new device. When you log into a site or service, you’re asked for your username and password, but then you’re asked for your second form of authentication. After your MFA is confirmed, you can use the site or service as normal. Since your phone is often the method that your MFA uses, a hacker would need to have your password and your phone to gain access to your account.

Next time you’re given the chance to provide your cell phone number for Multi-Factor Authentication, I recommend you do so! It’s easy to set up and easier to use than a password manager. It’s also more secure than using just a password. For a website that has personal information, but doesn’t have MFA, please make sure your password is unique and strong! This will go a long way towards avoiding the pain of identity theft or other challenging situations if someone were to get into your account.

Employee Spotlight: Taylor Peebles, Field Services Coordinator

By Kristen Harper, Controller and HR Manager at Kenton Brothers.

Taylor Peebles and her dogsTaylor Peebles joins the Kenton Brothers team with a strong background in project management with an emphasis on customer service.

Taylor’s eight years of experience in custom interiors and construction bring a customer focus to the forefront of her work. She is good at making sure the small details are always treated carefully and with the customer in mind. You’ll often see Taylor in our office answering calls for customers. She also assists the Kenton Brothers team with every day duties such as scheduling and helping customers/colleagues by listening to their concerns and looking for solutions.

Taylor enjoys being involved in business planning, problem solving and teamwork to achieve company and personal employee goals.

When Taylor is not in the office, you can find her enjoying time in her first home with her partner, Evan. Taylor is a dog mom of two very opposite, fun-loving dogs; Boston the Schnoodle and Bonnie the Pitt-mix. Outside of new homeowner life, Taylor loves spending time at the lake with her family, swimming with her two nephews and grilling over a fire pit. You’ll likely catch Taylor “thrifting” and shopping for antiques on the weekends.

Taylor Peebles and Evan

If you ever get a chance to speak with Taylor, you’ll quickly learn that she feels laughter is the best medicine.

“I love making people laugh when things get hectic or stressful, although I know when to get serious. I think it’s important to take time out of your day to smile. And hopefully, you feel lucky to be part of a great team… like we have here at KB.” – Taylor Peebles