VISITOR MANAGEMENT SYSTEMS
Walking through the lobby of an office building typically entails greeting the security guard, presenting your identification, and waiting for further instructions on how to access the premises. However, as technology continues to modernize it also changes the way we work and communicate. Computers are quickly replacing the familiar faces of security desk staff and our digital identities are quickly defining our access. https://mikeechols.com/visitor-management-system
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Visitor management system
1. Michael Echols 11 March 2019
Visitor management system
mikeechols.com/visitor-management-system
Visitor Management Systems
Walking through the lobby of an office building typically entails greeting the security
guard, presenting your identification, and waiting for further instructions on how to
access the premises. However, as technology continues to modernize it also changes
the way we work and communicate. Computers are quickly replacing the familiar
faces of security desk staff and our digital identities are quickly defining our access.
Whereas we used to say “who can I talk to” when encountering an access issue, we
now talk to machines. Among other functions, these systems can check in guests,
control their access in and around the facility, and send security alerts/updates to
security personnel as necessary.
Grow Popularity
The use of visitor management systems has gained a lot of popularity in recent years.
Computer databases are more accessible through technologies like cloud and the
costs of networking has declines. In fact, sales are predicted to surpass $1.3 billion by
1/3
2. the year 2025. These kiosk-like computer screens were designed to strengthen
security measures by authenticating visitors and issuing badges for them through an
automated process. But unlike your regular “sign-in sheet” that permits you to see
who’s checked in earlier, the visitor management system keeps corporate information
a little more private.
Vulnerabilities of Visitor Management Systems
Like most devices that are connected to the internet, visitor management systems
have vulnerabilities that can be easily exploited. After studying the 5 most popular
systems – Lobby Track Desktop, Threshold Security, EasyLobby Solo, Envoy Passport,
The Receptionist – IBM has highlighted some of their security issues. IBM found that
hackers can easily gain access to contact information, visitor logs, and sensitive
company data; all of which can be used against the victims.
One of the biggest vulnerabilities that IBM identified is caused by poor cyber hygiene.
What do we mean by that? Well, several applications associated with the
management system used default administrative credentials that were not changed.
As a result, hackers can complete access to, and control of, visitor databases. Creating
strong and challenging passwords is a fundamental step towards practicing good
cyber hygiene and securing an organization’s cyber presence. Providing this
advantage to seasoned cybercriminals, who have mastered penetrating even the
toughest security passcodes, makes access simple.
The Attack Profile
Once hackers gain control of the visitor management system, the potential for
damage is endless. They can choose to exfiltrate data, gain network access, or plan a
physical attack. Gaining a foothold of the network will allow criminals access to
credentialing systems to produce badges. This is a direct path to unlocking doors
without creating alarms in systems managing physical access across organizations.
From there, stealing other valuable physical assets is a breeze.
A hacker can now blend in as no one is paying attention to someone who has a valid
ID card. The lack of forced entry undermines a security practice that looks to identify
forced intrusion. In addition, exfiltration of data is easier as it can be picked up off
desks and walked out the front doors of the facility. Once extracted, the information
can be sold to other criminals or companies that will find value in the data. Worse, the
credentialing access can also be sold, and the cycle could continue for a while before
anyone knows the intrusion is occurring.
This is just one more example of how cyber – physical crossover is occurring in our
world and highlights the need for better risk management across all entities. The risk
manager and the chief information officer must be in synch as to how access will be
cross checked. Hackers are getting smarter about doing business. Security planning
from a holistic perspective is paramount to corporate risk management. Suspending
disbelief about the intelligence of hackers will allow better protection for all corporate
stakeholders.
2/3
3. Tying Up Loose Ends
Since its findings, IBM has informed the 5 companies of the risks associated with their
products. All were advised to implement full-disk encryption that is backed by a
hardware security module because any system accessible to the public inevitably
faces the dangers of hacking. After all, resiliency starts with preparedness. Visitor
management systems are used to simplify procedural business routines, however
that does not mean they should use simple credentials. Password integrity is the
basis for any security system and should not be taken lightly. Default passwords must
be changed immediately, and administrative privileges given to only a select few.
Ultimately, limiting system access will decrease the likeliness of a cyber-attack.
Visitor management systems are valuable and even have ability to improve business
functionality. However, improved functionality must never come at the expense of
security.
3/3