As companies return to the office, many security teams are realizing that their access policies once set in stone, no longer match the business’s needs. There’s no question that companies had to make pragmatic decisions and relax their risk tolerance during the pandemic. However, with hybrid working arrangements now widespread, the question of ‘who has access to our facilities?’ is incredibly hard to answer, without even considering ‘who should?’.
This question is even harder to answer in leased offices or facilities. In most cases, the security team doesn’t ‘own’ the base access control system, and where there are multiple tenants there is building management involvement, so even getting simple information is difficult but often meaningless.
Start with the basics – Who has access to your facilities?
While compliance often gets a bad rap, in this case re-examining those simple questions is exactly the right thing to do now.
Regulations exist for a reason – they help protect your business, your employees, and your customers. Failing to adhere to regulatory requirements can open you up to risks beyond just fines. InfoSec regulations exist to help protect against a data breach and financial regulations are there to protect against fraud.
A compliance review right now might seem like a step too far but getting a physical access baseline is exactly the right thing to be doing.
Our expertise is managing safety, security and compliance risks and our first step would be to use RightCrowd Access Analytics to answer some very basic questions, for instance, who has access to your facilities? This physical access baseline will allow you to identify where your risks lay and where to focus next.
Get back in control with access intelligence
RightCrowd Access Analytics allows security teams to pull together physical access rights across multiple disconnected access control systems. By adding in HR or Active Directory identity information, they can then compile a complete picture of physical access for every employee, contractor or visitor, across leased or owned offices or facilities.
You’ll have the information to quickly identify access anomalies and examine the security policies and procedures that caused them.
Once you identify your weaknesses, compliance gaps, or problem areas, then you can put best practices back in place.
During times like this, even an in house compliance review will give you validation that the processes you’ve put in place stand up to scrutiny. The alternative might be that the malicious actors find the weakness before you do.
Need more information, please contact us.