Canadian Security Association

Defined by Quality and lead by Perfection

When looking for Full Circle IT Solutions, the answer is CyberTech 360

Whether it is an HVAC system, a point-of-sale terminal or a video surveillance camera, malicious attackers are looking for any way into your network and your valuable data, systems and intellectual property.

A physical security system could let in cyber attackers or viruses, including weak password management, incorrect installation, a network conflict, or a lack of encryption. The greater interconnectivity of devices creates new avenues of attack, one weak control panel or device could endanger the entire client security system, if not all of the client computers.

Challenges

Some of the challenges the Security industry faces arise as IT security is not an area of expertise for many security integrators. Other challenges result from not being well versed in a client organization’s cyber policies. Finally, the project scope of security integrators is often limited to installation, configuration and maintenance.

Integrators should have a trusted advisor position, and through a Risk analysis, the integrator can make suggestions and bring up where there are cybersecurity considerations. Cybersecurity needs to be part of the dialogue, as important as all the other aspect of the security system.

Cybersecurity is a three-legged stool consisting of people, processes and products. Even if manufacturers manage to lock down or contain their technology, there are still the issues of phishing, human error, Social engineering or configuration problems, and the risks change daily.

Integrator Considerations

Questions to ask your integrator or security systems manufacturer about their cybersecurity policies and practices are:

  • Do you have a cybersecurity MSA, and a point-person for cybersecurity queries?
  • Do you provide training on best practices, both for integrators and end users?
  • Do you have a system for notifying clients about critical cybersecurity updates?
  • How have you historically responded to reported cybersecurity issues?
  • How will cybersecurity alerts and services change as the system ages?