Securing your business is a top priority, but choosing the right systems can be confusing. Access control and security systems serve related but distinct purposes for protecting assets. I’ll explain the key capabilities of each and discuss the pros and cons of access control systems versus security systems. Comparing features side-by-side will help you determine which approach may work best to meet your needs and budget.

Access Control Systems

What are Access Control Systems?

Access control systems regulate access into and within facilities. They determine who is allowed to enter restricted areas and when. These systems grant access when credentials are presented, like an access code, keycard, or biometric verification. Access control includes physical barriers like doors, turnstiles, and mantraps integrated with readers and electrified locks.

There are several types of access control systems:

• Keypads: require entering a PIN code or password. Simple, cost-effective keypad systems work for low-risk, small scale access control.
• Card readers: read data embedded on ID/smart cards. Various card technologies range from proximity cards to contactless smart cards. Card access systems are scalable for large facilities.
• Biometric scanners: validate physical attributes like fingerprints or iris patterns instead of keys or cards. Highly secure for high-risk areas but more complex systems.
• Phone or app-based access: uses smartphones instead of physical credentials. Convenient but security relies on the device.
• Intercoms: use audio and video communication for access decisions. A guard can visually verify visitors before unlocking doors remotely via intercoms. Appropriate for reception areas.

Pros and Cons of Access Control Systems

Pros	Cons
More convenient than keys: Shared access cards or codes are simpler to manage than making copies of metal keys. If an employee leaves, cards and codes are easily deactivated.	Upfront cost for hardware/installation: Doors, readers, controllers and electrified locking hardware plus installation and configuration has a considerable upfront price. Not as inexpensive as some keypad systems.
Provides an access audit trail: Most systems log entry and exit timestamps by user. Reviewing access logs allows monitoring staff movement or tracing unauthorized entries.	Access cards can be shared/lost: Possibility of users sharing cards or failing to report lost cards compromises accountability in logs. Install extra measures like biometric readers to validate identity.
Flexible access permissions: Assign specific doors, zones, and times customized to each user rather than total access. Update permissions instantly as needs change.	Limited to securing entry points: Controls access but does not directly monitor for theft, vandalism etc. inside the premises or detect perimeter intruders. Requires integration with intrusion detection for full coverage.
Some provide time restrictions: Sytem policies can implement automated time-bound permissions, eg – access only 8 to 5 pm daily, without constant monitoring.

Security Systems

What are Security Systems?

Security systems detect threats and attempted intrusions instead of only regulating authorized access. Systems like burglar alarms and surveillance cameras alert security staff when a potential criminal threat occurs both inside facilities and outdoor areas. Most security systems involve remote monitoring via phones or internet connectivity.

• Intruder alarms: use sensors on doors/windows to detect break-ins and motion sensors to trigger on unauthorized movement. Control panels activate audible alarms and alert monitoring centers or police upon intrusion detection.
• Surveillance camera systems: consist of cameras providing live and recorded video feeds of premises interiors and exteriors. Analysts monitor feeds and recordings help identify suspects.

Other systems like glass break sensors, barrier beams, and smoke or fire detection may connect as well into overall premises monitoring by security staff.

Pros and Cons of Security Systems

Pros	Cons
Deter burglaries and thefts: Visible warning signage combined with intrusion sensors and audible alarms discourage criminals. Fast police response increases risk of getting caught.	Recurring monitoring fees: Professionally monitored systems require an ongoing monthly rate per location, typically $30-50 monthly. Upkeep costs are higher than unmonitored systems.
Help identify and catch intruders: Recorded CCTV footage aids identifying burglars or vandals. Seeing faces aids police investigations and arrests.	False alarms common with intruder systems: Motion sensors and perimeter detection can be triggered unintentionally by pets, debris and weather causing unnecessary dispatches. Fine tuning sensor sensitivity helps avoid this.
Surveillance footage aids investigations: If a crime does occur, camera footage provides valuable investigative context about what happened before, during and after incidents.	Upfront costs can be high: Major camera and alarm system installations get expensive quickly. Restricting initially to high priority areas minimizes costs. Also factor in electrical and WiFi infrastructure needs.
Many options for monitoring: Self-monitoring, remote monitoring companies or direct connection to emergency responders ensure alarms get proper responses. Customizable to needs and budget constraints.

Comparison of Access Control vs. Security

While both systems enhance protection, there are some trade-offs between access control and security to factor in depending on your facility layout and particular risks.

Convenience vs. Intruder Detection

Access control excels at easily managing staff or visitor entry permissions without needing constant oversight. But access systems alone will not detect unauthorized entries or criminal behaviors occurring on premises. Integration with intrusion alarms or surveillance systems is ideal for a full protective solution.

Access Audit Trails vs. Surveillance Footage

Logs of access scans provide exact entry and exit events by users. However there’s no visibility into what happens after entry. Camera systems provide eyes on the overall premises but limited data about each person coming and going. Using both together gives maximum accountability.

Secure Building Access vs. Entire Premises Monitoring

Access systems inherently focus on entry points – doors, lobbies, parking garages and so on. Whereas CCTV and security sensors can blanket both sensitive indoor zones along with outdoor yards and perimeters around structures. Limited access control may miss threats approaching facilities externally.

Ongoing Costs Differential

Access control systems tend to cost less long term with more affordable maintenance and scalability. Whereas professionally monitored intrusion and surveillance systems require steeper monthly fees but offer 24/7 live oversight and alerts.

Which is Right for Your Business?

With the differences compared, here are key factors to analyze to determine if access control or security systems should take priority for your company.

Factors to Consider

• Building layout and access points. A single door office needs a very different approach than a facility with multiple entryways and zones. Layered access systems suit multifaceted buildings.
• Assets needing protection. High value equipment, data, or hazardous materials justify extra controls like biometrics and surveillance. Know primary risks facing your business.
• Budget constraints. Available capital impacts starting scale and whether professionally monitored systems are affordable long term. Balance protection with sustainability.
• Future flexibility needed. Growing organizations should prioritize modular, scalable systems that accommodate changing needs over time.

When Access Control Works Best

Access systems suit:

• Small offices and retail stores – Keypads or card readers adequately control employee and customer entry at a single or limited entry points without advanced functionality.
• Low risk and internal threats only – If theft or violence risks are minimal, access systems help manage staff permissions without high-security measures.

When Security Systems are Preferable

Security systems are ideal for:

• Warehouses, storage areas – Large spaces with valuable inventory justify camera systems, motion detectors and sensors to detect theft and vandalism across wide areas.
• High-value goods targeted by burglars – External-facing locations containing desirable targets for break-ins warrant layered perimeter and interior intrusion controls.
• Remote monitoring needed – Organizations lacking adequate on-site guard staff need 24/7 monitoring services to respond quickly to alarms and recorded threats.

FAQs

Does access control provide intruder detection?

A: Access systems focus on managing the flow of authorized users. Intrusion detection systems are still needed to alert against unauthorized entries or criminal behaviors. However some access controls integrate the ability to arm and disarm intruder alarms when valid credentials are presented. This automates some monitoring processes.

Do security systems control access?

A: Primarily no – video surveillance alone does not regulate who enters areas. However cameras give insight into visitor identities, at least visually. Authenticating visitors against an access control database provides more reliable tracking than guessing based on CCTV images. There are a few exceptions like intercoms or smart barriers integrated with license plate recognition that can trigger gates and barriers to open or close when approved vehicles approach security checkpoints. But most intrusion and camera systems are more passive, focused on automated threat detection rather than controlling physical access permissions.

Can access control work with security systems?

A: Absolutely. While access control and intrusion detection diverge in some capabilities, integrating the two systems provides more robust functionality. For instance, access systems can arm and disarm alarms when approved staff scan badges so legitimate activity does not trigger constant false alarms. Cameras can also focus specifically on entryways, validating identities against access control logs. Implementing access permissions then further protects surveillance infrastructure from tampering by unauthorized insiders. The total integrated solution expands security management.

Conclusion

Securing facilities introduces complex decisions with many technological options. Access control conveniently manages internal permissions while security systems monitor for external and internal criminal threats. Integrating access management with intrusion and surveillance systems can yield comprehensive protection far beyond the capabilities of any single platform.

I’ve aimed to educate readers on the core features, pros and cons and ideal use cases for access control systems versus security systems. Keep business size, valuables, risks, vulnerabilities and budget in mind as you evaluate alternatives. Layer controls for incremental improvements over time. Neither access nor security should completely lapse as gaps invite incidents. Find the right balance of access management convenience and active threat detection reflecting your situation. And leverage professional guidance from security providers when planning deployments.

With smart planning, you can implement the systems yielding the greatest security ROI for stakeholders without overspending. I hope this overview better informs your crisis prevention plans to keep people and property safe. Reach out anytime if you have additional questions as you evaluate options.

A RECENT Global Anti-Scam Alliance survey, conducted in association with Cifas, paints an unsettling picture of the current state of scams in the UK, highlighting an urgent need for vigilance and preventative action.

The study involves 2,000 British citizens and uncovers startling statistics, indicating that a substantial 10% of Britons have lost money to scams or identity theft in the last 12 months, culminating in financial losses approximated at £7.5 billion.

Some 62% of respondents indicated that they had received scam messages at least once per month, with 53% acknowledging a significant rise in scam encounters over the past year.

Mike Haley, CEO of Cifas (the UK’s foremost fraud prevention agency), commented: “Scams have now reached an unprecedented level, with criminals and career fraudsters constantly looking for new opportunities to scam UK citizens and cause significant distress to victims. In 2022, Cifas members recorded over 409,000 cases of fraudulent conduct to our National Fraud Database as criminals took advantage of the ongoing cost-of-living crisis to steal identities and take control of customer accounts.”

Haley continued: “UK consumers continue to find themselves increasingly targeted by phishing and smishing campaigns offering financial help or investment opportunities, employment scams, fake adverts for rental properties as well as purchase and delivery scams. Now more than ever, we need to ensure there is more effective regulation of online platforms and recognise the serious harm that their fraudulent content is causing to consumers.”

Deceptive practices

As digital portals become the hotbeds for deceptive practices, e-mail platforms like Gmail and Outlook are used to facilitate fraud, with 64% of participants receiving scam messages through these services. Meanwhile, scam attempts through phone channels are reported by 56% of the survey participants.

The breadth of scammers’ activities is reflected in the variety of tactics employed, ranging from phishing to the infamous ‘Advance Fee’ scams, leaving individuals vulnerable to an average of 1.6 scams per victim.

The repercussions of these scams extend beyond financial losses, inflicting emotional and psychological trauma on victims. 46% experienced a ‘strong to traumatic’ emotional impact, often exacerbated by the betrayal of trust and the invasion of privacy.

In response to this unsettling trend, many Britons choose to handle the aftermath privately, with 66% of respondents not reporting the scam to any authority. However, a growing number of victims (ie 31%) are seeking remediation through financial institutions and law enforcement agencies, emphasising the critical role of these entities in addressing and curbing scams.

Read the full story here.

GLOBAL CYBER attacks increased in volume by 38% in 2022 when compared to 2021, but six in every ten directors suggest that their company is ineffective in understanding the risks. That’s one key finding of ‘Effective Board Governance of Cyber Security: A Source of Competitive Advantage’, the latest report published by Savanti, itself one of the UK’s leading cyber security consultancies.

he report finds that those businesses who are ‘cyber-engaged’ have increased revenue growth, a greater success rate in attracting clients and higher investor confidence.

Increasing numbers of UK businesses are struggling to understand how to combat cyber crime, which puts them at increased risk of cyber attacks resulting in crippling costs such as multi-million pound ransoms, litigation and reputational damage.

In terms of numbers, across all UK businesses, there were 2.4 million instances of cyber crime in the last 12 months. According to Cyber Security Ventures, the cost of cyber crime to business could reach £8.4 trillion annually by 2025. If it was measured as a country, cyber crime would be the world’s third largest economy after the US and China.

Recent high-profile incidents include the cyber attack on The Electoral Commission in which a breach undetected for 14 months resulted in access to voters’ personal data including home addresses, images, e-mail addresses, names and telephone numbers. There were also the cyber attacks on British Airways and Boots.

Read the full story here.

THE BRITISH Security Industry Association (BSIA) is calling on the Government to clarity how it intends to “fill the void” created by the recent resignation of the Biometrics and Surveillance Camera Commissioner and the proposed abolition of the Office of the Commissioner at the Home Office.

Professor Fraser Sampson, the current Biometrics and Surveillance Camera Commissioner, will remain in post until the end of October before the functions of the role are expected to be subsumed by the Investigatory Powers Commissioner as part of the Data Protection and Digital Information Bill, which is proceeding through Parliament. As currently written, the Bill removes the need for the Government to publish a Surveillance Camera Code of Practice.

For its part, the BSIA has worked closely with the Office of the Surveillance Camera Commissioner since its formation in 2014. Tony Porter QPM, the inaugural Surveillance Camera Commissioner, welcomed the opportunity of engagement from the BSIA.

Indeed, the Trade Association went on to lead two of the key industry strands of work around the National Surveillance Camera Strategy for England and Wales. In this capacity, the BSIA engaged with other stakeholders to create several foundation documents, including the list of key recommended standards for use in video surveillance systems, a buyers’ toolkit, the passport to compliance and also a ‘Secure by Default’ self-certification scheme aimed squarely at manufacturers.

A great deal of this work is set to be ‘archived’ when the Office of the Biometrics and Surveillance Camera Commissioner is closed. It’s also unclear as to how the transfer of the functions of the Biometrics and Surveillance Camera Commissioner will be carried out in practice and whether or not engagement with industry practitioners will even be a consideration.

Read the full story here.

Draft post-quantum cryptography (PQC) standards have been published by the US National Institute of Standards and Technology (NIST). The new framework is designed to help organizations protect themselves from future quantum-enabled cyber-attacks.

The draft documents were published on August 24, 2023, and encompass three draft Federal Information Processing Standards (FIPS).

These standards were selected by NIST following a process that began in December 2016, when the agency issued a public call for submissions to the PQC Standardization Process.

After several rounds of selection, NIST announced the four encryption algorithms that would form its PQC standard in July 2022. The CRYSTALS-Kyber algorithm was chosen for general encryption (used for access to secure websites) and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures.

These algorithms are incorporated into the three FIPS published by NIST.

Read the full story here.

The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety Bill.

The proposed legislation will effectively force private messaging companies that use end-to-end encryption to scan their users’ content for child abuse material. This would require users to download client-side scanning software to read messages on their devices before they’re encrypted.

Michelle Donelan told Radio 4’s Today program: “Technology is in development to enable you to have encryption as well as to be able to access this particular information.”

This prompted a furious backlash from experts.

Matthew Hodgson, CEO of secure messaging app Element, branded the statement as “factually incorrect.”

“No technology exists which allows encryption and access to ‘this particular information.’ Detecting illegal content means all content must be scanned in the first place. By adding the ability to use scanning technology at all, you open the floodgates to those who would exploit and abuse it,” he said.

“You put the mechanism in place for mass surveillance on UK citizens by the ‘good guys’ and the bad. It is utterly unacceptable to attempt to force tech companies to implement mass surveillance within their products.”

Read more on the Online Safety Bill: Security Experts Raise Major Concerns With Online Safety Bill

Donelan added that “the onus is on tech companies to invest in technology to solve this issue.” It’s an argument often repeated by lawmakers and law enforcers but roundly dismissed by technology experts as either disingenuous or ignorant.

“Countless experts, from private companies to academics and civil society organizations have told you this technology is impossible to build,” Hodgson responded. “Is the government expecting every tech company to plough money into a never-ending R&D project that will never result in a workable product?”

Read the full story here.

THE HEAD of the Financial Conduct Authority (FCA) has stated that Artificial Intelligence (AI) could disrupt the financial services sector “in ways and at a scale not seen before”, in parallel issuing a warning that the regulator would be forced to take action against AI-based fraud.

In a speech delivered to company executives in central London, Nikhil Rathi (CEO of the FCA) noted that there are risks of “cyber fraud, cyber attacks and identity fraud increasing in scale, sophistication and effectiveness” as AI becomes more widespread.

Prime Minister Rishi Sunak is fervently hoping to make the UK a centre for the regulation of AI, while the FCA’s work on this subject area is part of a much broader effort designed to work out how to regulate the big tech sector as it increasingly offers financial products.

During his delivery, Rathi warned that AI technology will increase risks for financial firms in particular. Senior managers at those firms will be “ultimately accountable for the activities of the business”, including decisions taken by AI.

“As AI is further adopted,” observed Rathi, “the investment in fraud prevention and operational and cyber resilience will have to accelerate simultaneously. We will take a robust line on this. There’s going to be full support for beneficial innovation alongside proportionate protections.”

Deepfake video

Rathi cited the example of a recent deepfake video of the personal finance expert Martin Lewis supposedly selling speculative investments. Lewis himself said the video was “terrifying” and has called for regulators to force big technology companies to take action in order to prevent similar scams.

Responding to Rathi’s comments, cyber specialist Suid Adeyanju (CEO of RiverSafe) said: “AI is set to become a regulatory minefield for the FCA, so maintaining a clear line of communication with businesses about the challenges and opportunities ahead is going to be critical in terms of maintaining high standards within the market.”

Adeyanju continued: “The tidal wave of AI-enabled cyber attacks and online scams adds an even greater level of complexity, so it’s vital that financial services firms beef up their cyber credentials and capabilities in order to identify and neutralise these threats before they can establish a foothold.

Read the full story here.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released joint guidance on hardening Baseboard Management Controllers (BMCs).

Published on Wednesday, the document aims to address the overlooked vulnerabilities in BMCs, which can serve as potential entry points for malicious actors seeking to compromise critical infrastructure systems.

Read more on similar attacks: NCSC Warns of Destructive Russian Attacks on Critical Infrastructure

For context, BMCs are essential components embedded in computer hardware that facilitate remote management and control. They operate independently of the operating system and firmware, ensuring seamless control even when the system is powered down. 

However, because of their high privilege level and network accessibility, these devices make them attractive targets for malicious actors.

The joint guidance emphasizes the importance of taking proactive measures to secure and maintain BMCs effectively, adding that many organizations fail to implement even minimum security practices.

These shortcomings could result in BMCs being used by threat actors as entry points for various cyber-attacks, such as turning off security solutions, manipulating data or propagating malicious instructions across the network infrastructure.

To address these concerns, CISA and NSA recommend several key actions. These include protecting BMC credentials, enforcing VLAN separation, hardening configurations and performing routine BMC update checks.

Further, the agencies said organizations should also monitor BMC integrity, move sensitive workloads to hardened devices, use firmware scanning tools periodically and treat unused BMCs as potential security risks.

Read the full story here.

The Sussex Police & Crime Commissioner has denied the county’s CCTV could be switched off from April.

Katy Bourne was questioned during a meeting of the Police & Crime Panel about problems with the renewal of a contract with service provider BT.

According to a police spokesman, BT has only offered a one-year fixed price contract rather than the three-year contract which had been expected.

Ms Bourne said an inspector was working on the issue full-time and that “nobody’s going to get switched off”.

The meeting also heard a “significant price increase” was forecast on the £250,000 per year already being paid, due to upgrades being made to the circuit technology.

Ms Bourne said: “The contract is BT’s. If they decide they don’t want to renew, they don’t have to renew – we can’t force them.

“They’ve agreed a price. It’s their price and we can’t afford it, effectively.

“My understanding, having spoken with the team in Sussex Police, is that nobody’s going to get switched off, so let’s just allay that concern.”

Read the full story here.

Ransomware attacks tumbled in 2022, offering hope that the tide was turning against the criminal gangs behind them. Then things got a whole lot worse.

Amid a concerted effort by global law enforcement to crack down on ransomware attacks, payments to hackers and even the volume of attacks fell in 2022. But the trend doesn’t seem to be holding for 2023, and attacks have shot up again.

Data from cryptocurrency tracing firm Chainalysis indicates that victims have paid ransomware groups $449.1 million in the first six months of this year. For all of 2022, that number didn’t even reach $500 million. If this year’s pace of payments continues, according to the company’s data, the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021, in which Chainalysis calculates that attackers extorted $939.9 million from victims.

The findings track with general observations from other researchers that the volume of attacks has spiked this year. And they come as ransomware groups have become more aggressive and reckless about publishing sensitive and potentially damaging stolen information. In a recent attack against the University of Manchester, hackers directly emailed the UK university’s students telling them that seven terabytes of data had been stolen and threatening to publish “personal information and research” if the university didn’t pay up.

“We think as a result of their budgetary shortfalls in 2022 we’ve seen these more extreme extortion techniques, ways to kind of twist the knife,” says Jackie Burns Koven, head of cyber threat intelligence at Chainalysis. “In 2022 we were very surprised to find that decline. Then we talked to external partners—incident response firms, insurance companies—and they all said, yeah, we’re paying less, and we’re also seeing fewer attacks.”

Read the full story here.