Physical office spaces are being left empty due to COVID-19 stay-at-home and social distancing orders, leaving them vulnerable.
Cybersecurity might be the number one issue people think of related to remote working
, but what about the physical security of the offices left empty due to COVID-19
? Protecting the assets within an office and those that may need to come in and out should still be a top priority.
Remote monitoring and access
Security officers and business owners should still have access to remotely monitor any empty and unused office spaces. Remote monitoring capabilities — through mobile devices or desktop — are offered by the majority of today’s video surveillance providers; although, security operators may not have been fully taking advantage of it before this pandemic. Now is a good time to review your system’s remote monitoring capabilities.
While it may not be necessary to completely lockdown and lockout employees from office buildings, having access to surveillance and access control systems
can help monitor all activity in and around empty facilities. Remote monitoring will allow security personnel to see who is accessing the premises, when and for how long. Access control systems can also be configured to keep unauthorized areas locked, and notify the necessary persons if someone tries to enter.
Kevin Donegan, VP of Strategy and Cyber at Convergint Technologies
, also highlighted the need to remotely monitor devices and systems. He noted that devices and systems must be secure, but they also must be maintained.
“Capabilities need to be deployed to remotely monitor the devices’ health and performance, as well as its security,” he said. “Security staff needs to be able to update or patch devices from their homes and to know when devices fail. The devices need to be secured, monitored and have a capability to mitigate threats as they arise.”
Cybersecurity still important
The very act of remotely monitoring security systems
can open new vulnerabilities into the systems, according to Donegan. “This opens new connections, exposes more communications to the internet, and invites attackers to eavesdrop on the communications or to try to tailgate into the network,” he said.
Donegan explained that while login portals for critical systems — such as physical security device networks and building automation systems — are put directly out on the internet so that security professionals can access and manage them from home, oftentimes these are end-of-life systems. This means they are no longer supported by manufacturer patches or they are just not patched regularly, opening new vulnerabilities easily discoverable by attackers.
“We are deploying cloud-based managed detection and response (MDR) and health monitoring (HM) capabilities that have secure communication models proven to meet or exceed industry standards,” Donegan said. “These systems allow teams to monitor, update and secure their environment remotely, without increasing their exposure and reducing the burden on security staff.”
Reevaluate your security plan
With offices empty, it could be a good time to review and implement new and existing security policies and procedures. Conducting a security assessment while offices are vacant allows assessors to execute tests without interrupting normal operations.
It is also a good time to think about security protocols and contingency plans for all physical security systems, including video surveillance, access control, intrusion detection, lighting, etc. Up until now, most companies have probably not needed to execute disaster contingencies; however, the COVID-19 pandemic has proven how important they are to have, keep updated and improve upon.