Access control systems are crucial for maintaining security in offices, warehouses, multifamily properties, and other facilities. Properly installing access control ensures convenience, reliability, and most importantly – safety and protection.

This guide covers everything you need to know, from choosing the right access system to step-by-step installation instructions.

Access Control Systems

An access control system limits access to specific areas based on set parameters. It’s comprised of readers, controllers, panels, credentials, wiring and software. When properly installed, access control seamlessly allows authorized individuals easy entry while keeping unwanted visitors securely out.

Access control systems provide many benefits beyond basic security, including:

• Convenience – With access control, authorized users can quickly enter without keys that can be lost, stolen or duplicated. Using credentials like keycards, fobs or fingerprints enables easy access.
• Accountability – Systems log all access attempts and events so admins know precisely who entered where and when. This helps resolve security incidents if needed.
• Scalability – Quality access systems easily expand along with your needs. You can add doors, credentials, users and features as an organization grows.

Because access control directly impacts safety and operations, having the right installation is critical. Improper access control installation causes reliability issues, security risks and prevents systems from working as intended.

By following this guide, you’ll be equipped to either professionally tackle access control system installation yourself or effectively work with an experienced installer. Let’s get started!

Choosing an Access Control System

Today’s access control systems range from basic standalone units to enterprise-level systems with cloud-based management and global connectivity. Consider the following when selecting appropriate access control:

Wired vs Wireless Access Control

Wired access systems: connect doors and readers via physical cables back to a control panel. This provides the highest security and reliability since wired systems are less vulnerable to interference. However, installing all the necessary cabling can increase costs. Maintenance also requires accessing panels to make changes.

Wireless access systems: use encrypted wireless signals to communicate between doors and the control panel. Wireless is much easier to install since there’s no cabling required. However, wireless has higher risk of signal interference disrupting communication. Hybrid wired/wireless systems offer a balance of security and simplicity.

Credential Readers

Common access control credential readers include:

• Keypad Code Entry – Users enter PIN codes. Simple and affordable but codes can be shared.
• Proximity Card Readers – Present compatible keycards/fobs within a few inches. Convenient option suitable for many applications.
• Biometric Readers – Scan fingerprints, iris or hand geometry. Very secure option but more expensive and complex.

Scalability and Expandability

An ideal access system easily adapts along with your organizational growth. Ensure your chosen system allows expanding to additional doors, users and credentials with minimal hardware replacements. Purchase through access control companies providing ongoing firmware/software updates for extended performance.

Access Control Technology Types

Modern access systems leverage various reader types and advanced functionality:

Card Readers

Proximity card readers are the most common access control readers. Presenting the proper keycard or fob within a few inches instantly unlocks doors. Multiple leading reader technologies exist:

• 125 kHz Proximity – Most affordable, common legacy proximity readers
• 13.65 MHz Proximity – Allows both proximity and contactless smart card credentials
• Smart Card / Contactless Smart Card – Enables multiple application credentials (physical access, payment, identification, etc.)

Biometric Readers

Biometric readers verify identity via human characteristics. Types include:

Fingerprint Readers – User presses or swipes finger. Fast and convenient option once configured.

Iris Scanners – Scans unique iris patterns providing very high accuracy. Slow process decreases throughput.

Hand Geometry Scanners – Analyzes hand shape and finger lengths. Medium speed but moderately expensive.

Biometrics offer incredibly secure access control because credentials can’t be borrowed, stolen or duplicated. However, they’re slower than card readers and cost more to purchase and maintain.

Keypad Entry Devices

Simple alphanumeric keypads allow PIN code entry to unlock doors and disarm systems. Keypads are affordable and very simple to use. However, shared or compromised PINs provide lower security. Keypad histories do help trace unauthorized access attempts.

Wired vs Wireless Systems

Wired access systems: use physical cables to connect all components. This prevents external interference allowing extremely secure and reliable performance. Since cables link numerous access points, properly pre-planning this extensive wiring is essential.

Wireless access systems: utilize encrypted wireless signals to communicate between the control panel and doors. Wireless systems install faster by removing labor-intensive cabling. However wireless performance strongly depends on maintaining reliable signals. Avoid installing wireless access controls in buildings with substantial steel/concrete construction or concentrated wireless activity. Hybrid wired/wireless systems help maximize benefits of both technologies.

Scalability and Expandability

Quality access control systems easily scale to growing organizational needs via incremental hardware and software expansions. When evaluating systems ensure you can seamlessly:

• Add more access points by installing additional door readers
• Expand user capacity by increasing credential counts and memory
• Extend features by upgrading software capabilities
• Accommodate new buildings by interconnecting multiple controllers

Seeking out access systems allowing comprehensive and affordable scalability prevents premature obsolescence.

Pre-Installation Best Practices

Properly preparing your facility before access control installation prevents delays, reworks and operational issues.

Access Control Site Surveys

Thoroughly survey all locations planned for system access readers or panels. Closely examine:

Measure Doors and Openings

• Verify door sizes and ratings meet safety and access codes
• Check door composition including glass, wood or metal construction
• Confirm measurements of adjacent door frames and hardware

Accurately measuring helps select suitable readers and request proper door modifications if needed. Having doors already up to code helps streamline installing access components.

Notes Intended Mounting Locations

• Mark where each access reader or keypad will mount based on sightlines, wiring runs and door swings
• Ensure mounting locations meet minimum proximity read ranges per chosen reader models
• Note locations with available power sources or requiring new circuits

Verify Network Infrastructure Capacity

• Confirm existing network equipment has sufficient capacity and redundancy to support access control systems without impacting normal connectivity
• Add additional switches or wireless access points if existing infrastructure is at or near capacity

Taking this time reduces incorrect assumptions and prevents scrambling for information once installation is underway.

Request Necessary Facility Modifications

With careful site surveys completed, request any necessary facility updates to maximize access control readiness. Examples include:

• Adjust door sizes, hardware or frames failing to meet codes
• Add power and low voltage wiring capacity where required
• Relocate wireless access points causing potential interference
• Increase network equipment capacity to support systems

Making these incremental improvements ahead of installation helps avoid significant rework and unexpected costs down the line.

Physical Installation Guide

Once you’ve completed planning and preparations, it’s time to tackle the access control system installation. We’ll walk through best practices for mounting hardware, wiring components and powering up controllers.

Mounting Access Control Readers and Keypads

Proper placement and installation ensures readers and keypads provide convenient secure access without obstructing doors or sightlines:

Ensure Suitable Mounting Height

• Standard Height – 42-48” from floor to middle bottom edge of reader
• ADA Height – 36-39” from floor to middle bottom edge of reader

Check your local ADA height requirements for accessibility compliance.

Position for Convenient Access

• Place readers within easy reach from natural access paths
• Don’t force excessive side reaches across doorways or stretches behind open doors

Avoid Physical Obstructions

• Prevent doors or door bars from striking access readers and keypads
• Place out of primary egress routes to keep individuals from bumping into equipment

Confirm Adequate Read Range Coverage

• Adjust reader position until read range easily reaches typical credential presentation height
• Ensure read range has ample overlap with access paths so users don’t require exact placement precision

Taking measurements ensures proper sight lines for biometrics and avoids frustrating false negative reads.

Securely Mount Hardware

• Follow manufacturer instructions for securely mounting to prevent equipment loosening or falling
• Use tamper resistant screws into solid blocking behind drywall or masonry anchors
• Apply tamper seals once mounted to detect unauthorized removal attempts

While access hardware appears robust, improperly mounted units frequently come loose through door slams and accidental bumps. Take time to firmly secure in place.

Neatly Wire Components

• Tighten strain relief clamps around all reader and keypad wiring
• Contain exiting wires into clean bundles
• Use wire molding to neatly conduit wires above ceiling or behind walls back to access panel

Skipping wiring best practices leads to loose dirty wiring detracting from facility aesthetics and posing tripping hazards. Professional wire management keeps implementation neat and workmanlike.

Access Control Panel Installation

Control panels house the boards, power supplies and backups to operate your access systems. Positioning according to manufacturer guidelines optimizes performance.

Ensure Stable Panel Mounting

• Secure DIN rails or equipment racks provide stability preventing alignment shifts during expansion/contraction cycles
• Wall mounting often allows excessive vibration decreasing equipment lifespan

While simply screwing panels directly on walls appears quicker, slight ongoing motion damages electronics over time. Invest in sturdy mounting solutions built to withstand vibration and temperature swings.

Maintain Proper Spacing

• Allow minimum manufacturer recommended spacing around panels for airflow preventing overheating
• Avoid filling cabinets completely full to enable adding future expansion boards

Squeezing equipment together risks electronics failure – extending spacing slightly improves reliability.

Provide Dedicated Power Circuits

• Install dedicated 20A outlet from separate breaker for redundancy
• Using shared circuits risks overloading causing system shutdowns
• Connect UPS backup power to condition supply and bridge short interruptions

Unlike computers gracefully shutting down, access systems must maintain continuous uptime. Dedicated conditioned and backed up power prevents disruptions that disable secure access.

Connect Network Infrastructure

• Use shielded CAT6a cabling from independent network switch port supporting VLAN/QoS traffic prioritization
• Wireless models may require repositioning standard WiFi access points causing interference

Network connectivity enables remote administration, automated backups and reviewing door event history. New PoE variants allow powering over existing Ethernet as well. Verify infrastructure provides solid reliable communication.

Completing Access Control Wiring

Low voltage wiring connects distributed access readers, locks and sensors back to the main control panel. Correct wiring prevents signal errors or electrical faults disrupting secure access.

Employ Best Wiring Practices

• Group access control, camera and intrusion wiring separately to avoid signal interference on shared cable runs
• Utilize shielded cables rated for low voltage use to meet state electrical codes
• Avoid routing wires across sharp edges preventing cable sheath breaches

While basic wire bundles save effort upfront, improper separation or cable damage causes ongoing issues difficult to isolate later.

Verify Successful Connections

• Test every data wire run for continuity before connecting access hardware
• Characterize actual voltage drops under load across the wire length
• Check connectors meet manufacturer polarity and pinout to prevent short circuits

Thoroughly checking wiring now prevents faults from causing doors to remain unlocked down the road. Pay particular attention to the longest wire runs most susceptible to excessive voltage drops or polarity issues.

Confirm Proper System Operation

• Test area access readers by sequentially presenting valid credentials to unlock doors
• Validate each door successfully latches secured requiring re-authorization between compartment access
• Ensure administrators can properly view doorway entry/exit events when logging into the access control system software

Only confirming complete door access control between the panel and end devices through several controlled open/close cycles proves full system operation. Don’t assume everything works correctly without rigorous system verification.

Post-Installation Checklist

Once mounting hardware, running wiring and configuration is complete, perform a comprehensive post-installation validation:

Inspect Equipment – Verify all access components remain securely mounted without loosening over time. Check tamper seals haven’t been disturbed.

Test credential reading – Validate all credentials reliably unlock appropriate doors and deny access once used or expired.

Confirm monitoring – Review software logs from admin accounts showing proper access events and exclusions happening in real time.

Inspect door controls – Test door position sensors, latch function and request-to-exit switches ensuring doors properly secure after use.

Review interactions – Make sure other systems like alarms, video recording, turnstiles and elevators properly trigger based on validated credential use at related access points.

Document deployment – Thoroughly log hardware inventory counts, wiring diagrams, door/user naming conventions, configuration settings and any customizations. Future maintenance heavily relies on accurate system documentation!

While everything may operate correctly immediately after access deployment, only ongoing testing and inspection after systems remain in use will uncover more subtle issues. Plan periodic evaluations after installation to catch all possible points of failure early.

Access Control System Programming

With mounting, wiring and basic access verification complete, it’s time to program user rights, schedules and advanced functionality.

Create access groups – Logically organize users by departments, shifts or access needs for easy bulk permission changes

Configure access credentials – Issue prox cards/fobs, pin codes or biometrics and assign corresponding access privileges

Set schedules – Define time ranges various access groups have rights to designated areas

Customize door controls – Configure timers dictating how long doors remain open after grants and under forced/held conditions

Enable advanced logic – Set up door interlocks, multi-factor authentication, video triggers or intrusion alarms based on granular rulesets

Taking time to thoughtfully program access features prevents needing continuous individual user modifications down the road.

FAQs

Do I need special expertise to install access control?

A: Access control system installation requires thorough understanding of low voltage wiring, networking, electrical codes and physical security best practices. Utilize experienced access control technicians to prevent poor deployment and false reliance on ineffective security.

What tools should I have on hand for access installation?

A: Must have tools include levels, measuring tape, screwdrivers, wiring strippers, crimpers, zip ties and a cable tester. Specific control panels or door hardware may necessitate additional specialty installation tools as well.

How disruptive is installing access control?

A: Professional installers work cleanly to minimize dust and debris introduction. However, running wiring inside existing walls or above drop ceilings still requires temporarily moving furniture and creating minor drywall/masonry repairs afterwards.

How long does a typical access control installation take?

A: Depending on system scale and unique site challenges, expect installation to take 1-2 weeks. Larger deployments with custom wiring take over a month. Carefully evaluating complexity first allows setting realistic expectations.

Conclusion

Access control systems installed using professional techniques result in years of seamless secured entry. Organizations avoid making regretful decisions by purchasing enterprise-grade hardware supporting flexible expandability along with the highest security certifications. Places of worship, offices and multifamily housing alike repeatedly praise the ongoing value high quality access control provides through daily convenience and incident minimization.

Once installation is expertly completed, remember to periodically inspect equipment function while performing preventative maintenance. As organizations evolve, take advantage of scalability to expand control across additional access points using a consistent unified platform. Keeping users educated about proper access etiquette and procedures helps further enforce policies while preventing accidental security lapses.

Securing your business is a top priority, but choosing the right systems can be confusing. Access control and security systems serve related but distinct purposes for protecting assets. I’ll explain the key capabilities of each and discuss the pros and cons of access control systems versus security systems. Comparing features side-by-side will help you determine which approach may work best to meet your needs and budget.

Access Control Systems

What are Access Control Systems?

Access control systems regulate access into and within facilities. They determine who is allowed to enter restricted areas and when. These systems grant access when credentials are presented, like an access code, keycard, or biometric verification. Access control includes physical barriers like doors, turnstiles, and mantraps integrated with readers and electrified locks.

There are several types of access control systems:

• Keypads: require entering a PIN code or password. Simple, cost-effective keypad systems work for low-risk, small scale access control.
• Card readers: read data embedded on ID/smart cards. Various card technologies range from proximity cards to contactless smart cards. Card access systems are scalable for large facilities.
• Biometric scanners: validate physical attributes like fingerprints or iris patterns instead of keys or cards. Highly secure for high-risk areas but more complex systems.
• Phone or app-based access: uses smartphones instead of physical credentials. Convenient but security relies on the device.
• Intercoms: use audio and video communication for access decisions. A guard can visually verify visitors before unlocking doors remotely via intercoms. Appropriate for reception areas.

Pros and Cons of Access Control Systems

Pros	Cons
More convenient than keys: Shared access cards or codes are simpler to manage than making copies of metal keys. If an employee leaves, cards and codes are easily deactivated.	Upfront cost for hardware/installation: Doors, readers, controllers and electrified locking hardware plus installation and configuration has a considerable upfront price. Not as inexpensive as some keypad systems.
Provides an access audit trail: Most systems log entry and exit timestamps by user. Reviewing access logs allows monitoring staff movement or tracing unauthorized entries.	Access cards can be shared/lost: Possibility of users sharing cards or failing to report lost cards compromises accountability in logs. Install extra measures like biometric readers to validate identity.
Flexible access permissions: Assign specific doors, zones, and times customized to each user rather than total access. Update permissions instantly as needs change.	Limited to securing entry points: Controls access but does not directly monitor for theft, vandalism etc. inside the premises or detect perimeter intruders. Requires integration with intrusion detection for full coverage.
Some provide time restrictions: Sytem policies can implement automated time-bound permissions, eg – access only 8 to 5 pm daily, without constant monitoring.

Security Systems

What are Security Systems?

Security systems detect threats and attempted intrusions instead of only regulating authorized access. Systems like burglar alarms and surveillance cameras alert security staff when a potential criminal threat occurs both inside facilities and outdoor areas. Most security systems involve remote monitoring via phones or internet connectivity.

• Intruder alarms: use sensors on doors/windows to detect break-ins and motion sensors to trigger on unauthorized movement. Control panels activate audible alarms and alert monitoring centers or police upon intrusion detection.
• Surveillance camera systems: consist of cameras providing live and recorded video feeds of premises interiors and exteriors. Analysts monitor feeds and recordings help identify suspects.

Other systems like glass break sensors, barrier beams, and smoke or fire detection may connect as well into overall premises monitoring by security staff.

Pros and Cons of Security Systems

Pros	Cons
Deter burglaries and thefts: Visible warning signage combined with intrusion sensors and audible alarms discourage criminals. Fast police response increases risk of getting caught.	Recurring monitoring fees: Professionally monitored systems require an ongoing monthly rate per location, typically $30-50 monthly. Upkeep costs are higher than unmonitored systems.
Help identify and catch intruders: Recorded CCTV footage aids identifying burglars or vandals. Seeing faces aids police investigations and arrests.	False alarms common with intruder systems: Motion sensors and perimeter detection can be triggered unintentionally by pets, debris and weather causing unnecessary dispatches. Fine tuning sensor sensitivity helps avoid this.
Surveillance footage aids investigations: If a crime does occur, camera footage provides valuable investigative context about what happened before, during and after incidents.	Upfront costs can be high: Major camera and alarm system installations get expensive quickly. Restricting initially to high priority areas minimizes costs. Also factor in electrical and WiFi infrastructure needs.
Many options for monitoring: Self-monitoring, remote monitoring companies or direct connection to emergency responders ensure alarms get proper responses. Customizable to needs and budget constraints.

Comparison of Access Control vs. Security

While both systems enhance protection, there are some trade-offs between access control and security to factor in depending on your facility layout and particular risks.

Convenience vs. Intruder Detection

Access control excels at easily managing staff or visitor entry permissions without needing constant oversight. But access systems alone will not detect unauthorized entries or criminal behaviors occurring on premises. Integration with intrusion alarms or surveillance systems is ideal for a full protective solution.

Access Audit Trails vs. Surveillance Footage

Logs of access scans provide exact entry and exit events by users. However there’s no visibility into what happens after entry. Camera systems provide eyes on the overall premises but limited data about each person coming and going. Using both together gives maximum accountability.

Secure Building Access vs. Entire Premises Monitoring

Access systems inherently focus on entry points – doors, lobbies, parking garages and so on. Whereas CCTV and security sensors can blanket both sensitive indoor zones along with outdoor yards and perimeters around structures. Limited access control may miss threats approaching facilities externally.

Ongoing Costs Differential

Access control systems tend to cost less long term with more affordable maintenance and scalability. Whereas professionally monitored intrusion and surveillance systems require steeper monthly fees but offer 24/7 live oversight and alerts.

Which is Right for Your Business?

With the differences compared, here are key factors to analyze to determine if access control or security systems should take priority for your company.

Factors to Consider

• Building layout and access points. A single door office needs a very different approach than a facility with multiple entryways and zones. Layered access systems suit multifaceted buildings.
• Assets needing protection. High value equipment, data, or hazardous materials justify extra controls like biometrics and surveillance. Know primary risks facing your business.
• Budget constraints. Available capital impacts starting scale and whether professionally monitored systems are affordable long term. Balance protection with sustainability.
• Future flexibility needed. Growing organizations should prioritize modular, scalable systems that accommodate changing needs over time.

When Access Control Works Best

Access systems suit:

• Small offices and retail stores – Keypads or card readers adequately control employee and customer entry at a single or limited entry points without advanced functionality.
• Low risk and internal threats only – If theft or violence risks are minimal, access systems help manage staff permissions without high-security measures.

When Security Systems are Preferable

Security systems are ideal for:

• Warehouses, storage areas – Large spaces with valuable inventory justify camera systems, motion detectors and sensors to detect theft and vandalism across wide areas.
• High-value goods targeted by burglars – External-facing locations containing desirable targets for break-ins warrant layered perimeter and interior intrusion controls.
• Remote monitoring needed – Organizations lacking adequate on-site guard staff need 24/7 monitoring services to respond quickly to alarms and recorded threats.

FAQs

Does access control provide intruder detection?

A: Access systems focus on managing the flow of authorized users. Intrusion detection systems are still needed to alert against unauthorized entries or criminal behaviors. However some access controls integrate the ability to arm and disarm intruder alarms when valid credentials are presented. This automates some monitoring processes.

Do security systems control access?

A: Primarily no – video surveillance alone does not regulate who enters areas. However cameras give insight into visitor identities, at least visually. Authenticating visitors against an access control database provides more reliable tracking than guessing based on CCTV images. There are a few exceptions like intercoms or smart barriers integrated with license plate recognition that can trigger gates and barriers to open or close when approved vehicles approach security checkpoints. But most intrusion and camera systems are more passive, focused on automated threat detection rather than controlling physical access permissions.

Can access control work with security systems?

A: Absolutely. While access control and intrusion detection diverge in some capabilities, integrating the two systems provides more robust functionality. For instance, access systems can arm and disarm alarms when approved staff scan badges so legitimate activity does not trigger constant false alarms. Cameras can also focus specifically on entryways, validating identities against access control logs. Implementing access permissions then further protects surveillance infrastructure from tampering by unauthorized insiders. The total integrated solution expands security management.

Conclusion

Securing facilities introduces complex decisions with many technological options. Access control conveniently manages internal permissions while security systems monitor for external and internal criminal threats. Integrating access management with intrusion and surveillance systems can yield comprehensive protection far beyond the capabilities of any single platform.

I’ve aimed to educate readers on the core features, pros and cons and ideal use cases for access control systems versus security systems. Keep business size, valuables, risks, vulnerabilities and budget in mind as you evaluate alternatives. Layer controls for incremental improvements over time. Neither access nor security should completely lapse as gaps invite incidents. Find the right balance of access management convenience and active threat detection reflecting your situation. And leverage professional guidance from security providers when planning deployments.

With smart planning, you can implement the systems yielding the greatest security ROI for stakeholders without overspending. I hope this overview better informs your crisis prevention plans to keep people and property safe. Reach out anytime if you have additional questions as you evaluate options.

A RECENT Global Anti-Scam Alliance survey, conducted in association with Cifas, paints an unsettling picture of the current state of scams in the UK, highlighting an urgent need for vigilance and preventative action.

The study involves 2,000 British citizens and uncovers startling statistics, indicating that a substantial 10% of Britons have lost money to scams or identity theft in the last 12 months, culminating in financial losses approximated at £7.5 billion.

Some 62% of respondents indicated that they had received scam messages at least once per month, with 53% acknowledging a significant rise in scam encounters over the past year.

Mike Haley, CEO of Cifas (the UK’s foremost fraud prevention agency), commented: “Scams have now reached an unprecedented level, with criminals and career fraudsters constantly looking for new opportunities to scam UK citizens and cause significant distress to victims. In 2022, Cifas members recorded over 409,000 cases of fraudulent conduct to our National Fraud Database as criminals took advantage of the ongoing cost-of-living crisis to steal identities and take control of customer accounts.”

Haley continued: “UK consumers continue to find themselves increasingly targeted by phishing and smishing campaigns offering financial help or investment opportunities, employment scams, fake adverts for rental properties as well as purchase and delivery scams. Now more than ever, we need to ensure there is more effective regulation of online platforms and recognise the serious harm that their fraudulent content is causing to consumers.”

Deceptive practices

As digital portals become the hotbeds for deceptive practices, e-mail platforms like Gmail and Outlook are used to facilitate fraud, with 64% of participants receiving scam messages through these services. Meanwhile, scam attempts through phone channels are reported by 56% of the survey participants.

The breadth of scammers’ activities is reflected in the variety of tactics employed, ranging from phishing to the infamous ‘Advance Fee’ scams, leaving individuals vulnerable to an average of 1.6 scams per victim.

The repercussions of these scams extend beyond financial losses, inflicting emotional and psychological trauma on victims. 46% experienced a ‘strong to traumatic’ emotional impact, often exacerbated by the betrayal of trust and the invasion of privacy.

In response to this unsettling trend, many Britons choose to handle the aftermath privately, with 66% of respondents not reporting the scam to any authority. However, a growing number of victims (ie 31%) are seeking remediation through financial institutions and law enforcement agencies, emphasising the critical role of these entities in addressing and curbing scams.

Read the full story here.

GLOBAL CYBER attacks increased in volume by 38% in 2022 when compared to 2021, but six in every ten directors suggest that their company is ineffective in understanding the risks. That’s one key finding of ‘Effective Board Governance of Cyber Security: A Source of Competitive Advantage’, the latest report published by Savanti, itself one of the UK’s leading cyber security consultancies.

he report finds that those businesses who are ‘cyber-engaged’ have increased revenue growth, a greater success rate in attracting clients and higher investor confidence.

Increasing numbers of UK businesses are struggling to understand how to combat cyber crime, which puts them at increased risk of cyber attacks resulting in crippling costs such as multi-million pound ransoms, litigation and reputational damage.

In terms of numbers, across all UK businesses, there were 2.4 million instances of cyber crime in the last 12 months. According to Cyber Security Ventures, the cost of cyber crime to business could reach £8.4 trillion annually by 2025. If it was measured as a country, cyber crime would be the world’s third largest economy after the US and China.

Recent high-profile incidents include the cyber attack on The Electoral Commission in which a breach undetected for 14 months resulted in access to voters’ personal data including home addresses, images, e-mail addresses, names and telephone numbers. There were also the cyber attacks on British Airways and Boots.

Read the full story here.

THE BRITISH Security Industry Association (BSIA) is calling on the Government to clarity how it intends to “fill the void” created by the recent resignation of the Biometrics and Surveillance Camera Commissioner and the proposed abolition of the Office of the Commissioner at the Home Office.

Professor Fraser Sampson, the current Biometrics and Surveillance Camera Commissioner, will remain in post until the end of October before the functions of the role are expected to be subsumed by the Investigatory Powers Commissioner as part of the Data Protection and Digital Information Bill, which is proceeding through Parliament. As currently written, the Bill removes the need for the Government to publish a Surveillance Camera Code of Practice.

For its part, the BSIA has worked closely with the Office of the Surveillance Camera Commissioner since its formation in 2014. Tony Porter QPM, the inaugural Surveillance Camera Commissioner, welcomed the opportunity of engagement from the BSIA.

Indeed, the Trade Association went on to lead two of the key industry strands of work around the National Surveillance Camera Strategy for England and Wales. In this capacity, the BSIA engaged with other stakeholders to create several foundation documents, including the list of key recommended standards for use in video surveillance systems, a buyers’ toolkit, the passport to compliance and also a ‘Secure by Default’ self-certification scheme aimed squarely at manufacturers.

A great deal of this work is set to be ‘archived’ when the Office of the Biometrics and Surveillance Camera Commissioner is closed. It’s also unclear as to how the transfer of the functions of the Biometrics and Surveillance Camera Commissioner will be carried out in practice and whether or not engagement with industry practitioners will even be a consideration.

Read the full story here.

Draft post-quantum cryptography (PQC) standards have been published by the US National Institute of Standards and Technology (NIST). The new framework is designed to help organizations protect themselves from future quantum-enabled cyber-attacks.

The draft documents were published on August 24, 2023, and encompass three draft Federal Information Processing Standards (FIPS).

These standards were selected by NIST following a process that began in December 2016, when the agency issued a public call for submissions to the PQC Standardization Process.

After several rounds of selection, NIST announced the four encryption algorithms that would form its PQC standard in July 2022. The CRYSTALS-Kyber algorithm was chosen for general encryption (used for access to secure websites) and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures.

These algorithms are incorporated into the three FIPS published by NIST.

Read the full story here.

The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety Bill.

The proposed legislation will effectively force private messaging companies that use end-to-end encryption to scan their users’ content for child abuse material. This would require users to download client-side scanning software to read messages on their devices before they’re encrypted.

Michelle Donelan told Radio 4’s Today program: “Technology is in development to enable you to have encryption as well as to be able to access this particular information.”

This prompted a furious backlash from experts.

Matthew Hodgson, CEO of secure messaging app Element, branded the statement as “factually incorrect.”

“No technology exists which allows encryption and access to ‘this particular information.’ Detecting illegal content means all content must be scanned in the first place. By adding the ability to use scanning technology at all, you open the floodgates to those who would exploit and abuse it,” he said.

“You put the mechanism in place for mass surveillance on UK citizens by the ‘good guys’ and the bad. It is utterly unacceptable to attempt to force tech companies to implement mass surveillance within their products.”

Read more on the Online Safety Bill: Security Experts Raise Major Concerns With Online Safety Bill

Donelan added that “the onus is on tech companies to invest in technology to solve this issue.” It’s an argument often repeated by lawmakers and law enforcers but roundly dismissed by technology experts as either disingenuous or ignorant.

“Countless experts, from private companies to academics and civil society organizations have told you this technology is impossible to build,” Hodgson responded. “Is the government expecting every tech company to plough money into a never-ending R&D project that will never result in a workable product?”

Read the full story here.

THE HEAD of the Financial Conduct Authority (FCA) has stated that Artificial Intelligence (AI) could disrupt the financial services sector “in ways and at a scale not seen before”, in parallel issuing a warning that the regulator would be forced to take action against AI-based fraud.

In a speech delivered to company executives in central London, Nikhil Rathi (CEO of the FCA) noted that there are risks of “cyber fraud, cyber attacks and identity fraud increasing in scale, sophistication and effectiveness” as AI becomes more widespread.

Prime Minister Rishi Sunak is fervently hoping to make the UK a centre for the regulation of AI, while the FCA’s work on this subject area is part of a much broader effort designed to work out how to regulate the big tech sector as it increasingly offers financial products.

During his delivery, Rathi warned that AI technology will increase risks for financial firms in particular. Senior managers at those firms will be “ultimately accountable for the activities of the business”, including decisions taken by AI.

“As AI is further adopted,” observed Rathi, “the investment in fraud prevention and operational and cyber resilience will have to accelerate simultaneously. We will take a robust line on this. There’s going to be full support for beneficial innovation alongside proportionate protections.”

Deepfake video

Rathi cited the example of a recent deepfake video of the personal finance expert Martin Lewis supposedly selling speculative investments. Lewis himself said the video was “terrifying” and has called for regulators to force big technology companies to take action in order to prevent similar scams.

Responding to Rathi’s comments, cyber specialist Suid Adeyanju (CEO of RiverSafe) said: “AI is set to become a regulatory minefield for the FCA, so maintaining a clear line of communication with businesses about the challenges and opportunities ahead is going to be critical in terms of maintaining high standards within the market.”

Adeyanju continued: “The tidal wave of AI-enabled cyber attacks and online scams adds an even greater level of complexity, so it’s vital that financial services firms beef up their cyber credentials and capabilities in order to identify and neutralise these threats before they can establish a foothold.

Read the full story here.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs).

Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems.

Read more on similar attacks: NCSC Warns of Destructive Russian Attacks on Critical Infrastructure

For context, BMCs are essential components embedded in computer hardware that facilitate remote management and control. They operate independently of the operating system and firmware, ensuring seamless control even when the system is powered down. 

However, because of their high privilege level and network accessibility, these devices make them attractive targets for malicious actors.

The joint guidance emphasizes the importance of taking proactive measures to secure and maintain BMCs effectively, adding that many organizations fail to implement even minimum security practices.

These shortcomings could result in BMCs being used by threat actors as entry points for various cyber-attacks, such as turning off security solutions, manipulating data or propagating malicious instructions across the network infrastructure.

To address these concerns, CISA and NSA recommend several key actions. These include protecting BMC credentials, enforcing VLAN separation, hardening configurations and performing routine BMC update checks.

Further, the agencies said organizations should also monitor BMC integrity, move sensitive workloads to hardened devices, use firmware scanning tools periodically and treat unused BMCs as potential security risks.

Read the full story here.

The Sussex Police & Crime Commissioner has denied the county’s CCTV could be switched off from April.

Katy Bourne was questioned during a meeting of the Police & Crime Panel about problems with the renewal of a contract with service provider BT.

According to a police spokesman, BT has only offered a one-year fixed price contract rather than the three-year contract which had been expected.

Ms Bourne said an inspector was working on the issue full-time and that “nobody’s going to get switched off”.

The meeting also heard a “significant price increase” was forecast on the £250,000 per year already being paid, due to upgrades being made to the circuit technology.

Ms Bourne said: “The contract is BT’s. If they decide they don’t want to renew, they don’t have to renew – we can’t force them.

“They’ve agreed a price. It’s their price and we can’t afford it, effectively.

“My understanding, having spoken with the team in Sussex Police, is that nobody’s going to get switched off, so let’s just allay that concern.”

Read the full story here.