Quentyn Taylor, Director of Security at Canon EMEA, discusses how small businesses can use RFID, the technology behind key fobs, as part of their business security systems and for data protection.
When starting a business, or running a SME, most people are aware of the key elements of security that need to be accounted for. This could be your on-premise or cloud security, or how to secure your data and applications. RFID technology has been a constant in our everyday working lives, yet we often overlook or diminish its importance in office security and safety.
Radio Frequency Identification
Everyone has used RFID at some point in their lives, whether they know it or not. With its roots in the first radio transponders used during World War II, it kicked off the development of Radio Frequency technology. Through constant evolution, it has since grown to include today’s commonplace Radio Frequency Identification activated ID cards and key fobs. Our daily familiarity with RFID means that its benefits are often taken for granted.
RFID is a ubiquitous identification technology, that uses radio frequency waves to transfer information between a reader and a tag. This means that companies can look to design systems to identify, track and locate tagged items. The most common use across businesses is for access control, covering protection of staff and buildings, valuable assets or confidential information. These systems can involve anything from simple plastic proximity cards and fobs, to integration with biometric scanners.
SMEs and start-ups must be aware of what information is accessible through these small plastic cards we carry everywhere with us. Companies often load extra features onto RFID cards such as follow me printing and cash for canteens. Businesses should weigh up the risks of having all these features enabled on to one card that can be compromised. Can buildings and sensitive information be accessed from a single card if the technology could be hacked? Often access cards can prove costly to change, and landlords can be very reluctant to acknowledge this risk.
RFID cards have been used everywhere; from tech companies to hospitals. And whenever technology becomes ubiquitous, hackers will always seek ways to exploit it. Many older, lower-frequency cards had no encryption or authentication so their information could be captured as soon as a ‘reader’ was nearby. However, it is not just lower frequency cards that can be compromised. Whilst all types of card can be vulnerable, businesses often moved to higher frequency cards enticed by the ability to load more functions and data onto the cards, rather than for security.
There are still many businesses using older, inherently vulnerable, technology; according to one report, nearly 80% of all key cards used within commercial facilities may be prone to hacking due to protocol vulnerabilities.
RFID in action
The potential uses for this relatively simple system are endless. An investigation into future uses of RFID suggested that the technology could, for example, be used to improve health and safety in office buildings by speeding up fire evacuations. Logging each employee leaving the building ensures everybody has evacuated safely. Start-ups, who often have smaller staff numbers and office space may be intrigued by its potential uses for employee timekeeping, helping provide detailed oversight with minimal intrusion.
A robust and complete security system requires more than just the latest RFID tech. SMEs and start-ups need to be aware that breaches can occur from any number of access points that they may not have considered. Take print security as an example. Using RFID cards, employees release print jobs from communal printers, however this contributes to another risk of data interception.
The Global Print Security Report recently found that 60% of companies in the UK, US, France and Germany suffered a print-related data incident in the preceding year, resulting in an average of more than £320K in losses. Businesses looking to combine their building access cards and their print access cards into one card should first examine the underlying technologies of the card. Then, if they are known to be vulnerable careful consideration should be given to either upgrading the building access card system, or if a new system needs to be installed specifically to control access to the more sensitive data that may reside on its printers.
Keeping information confidential requires the entire document lifecycle to be made secure. RFID needs to be deployed as part of a larger, integrated security system. This means verifying not just the physical security of your devices, but also having clearly defined protocols for the security of your network and highly confidential documents.
Install with confidence
The costs of implementing RFID as part of a reliable security system will differ greatly, depending on the size of the company. The smaller, less labour-intensive RFID technologies can cost around £2,500 when labour, software, readers and fobs are taken into consideration. A single fob can cost from as little as a few pennies to £80. The benefits of investing in RFID will greatly outweigh your offset costs.
Introducing, or adopting, any technology comes with new and unpredictable risk. As businesses look to rapidly transform and grow, they can fall into the trap of driving innovation without first establishing robust security measures. They need to focus on building office security from the ground up, but to do that it’s crucial to get the basics right. RFID is not a new technology, but used correctly, it offers a solid foundation for any security strategy. No single technology is enough, but if systems are set up with security at the core, and no single aspect is expected to be totally invulnerable, businesses can embrace innovation with confidence.
Ultimately, workplace privacy and autonomy will always be worth the cost.