Security Best Practices for Commercial Facilities

Property managers of commercial facilities such as shopping centers, sports stadiums, casinos, churches, and movie complexes face distinct physical security and cybersecurity challenges. These venues typically have many points of entry, both to the facility itself and to its networks and digital systems: Wi-Fi for visitors, point-of-sale systems for merchants, digital signage, security and surveillance systems, and more. They therefore need a robust security strategy to protect their facilities, systems and data from potential threats.

These threats are with us every day, but there are best practices that can be put in place to reduce the risk to venues, employees and members of the public. The rest of this article summarizes some of the best practices that can strengthen your cybersecurity. I cover physical security best practices for this important critical infrastructure sector in a separate article.

Some Cybersecurity Best Practices

    1. Network Segmentation: Network segmentation divides a network into separate zones and controls the traffic allowed between them. For instance, point-of-sale systems should be on a different segment from the public Wi-Fi, with firewall rules that deny traffic between the two, so that a compromised visitor device cannot reach payment systems. Security cameras, digital signage and building-control devices should likewise sit in segments of their own.

    2. Multi-Factor Authentication (MFA): MFA adds a layer of security by requiring users to present at least two verification factors of different kinds, typically something they know (a password) and something they have (an authenticator app or hardware token), to gain access to a resource such as an application, online account, or VPN. Prioritize MFA for remote access, email, and administrative accounts.

    3. Regular Patching and Updates: Ensure that all devices connected to the network, including security cameras, point-of-sale systems, and digital signage, are regularly updated with the latest patches and security updates. Keep an inventory so that nothing is overlooked, and replace or isolate devices that the vendor no longer supports.

    4. Firewall and Intrusion Detection Systems (IDS): A firewall with a default-deny rule set enforces the segmentation policy and blocks unauthorized access to the network, while an IDS inspects traffic for known attack signatures and unusual activity and alerts system administrators in real time. Alerts only help if someone is assigned to review and act on them.

    5. Employee Training: Many cybersecurity breaches are due to human error. Regular training can ensure that all employees are aware of common cyber threats, such as phishing attacks, know how to respond, and know whom to report them to.

    6. VPN for Remote Access: If remote access to the network is necessary, use a Virtual Private Network (VPN). A VPN encrypts the connection between a user's device and the network, making it harder for attackers to intercept data. Protect VPN logins with MFA and grant remote users access only to the systems they need rather than to the whole network.

    7. Regular Backups: Regularly back up critical data and store the backups securely, with at least one copy kept offline or otherwise unreachable from the production network so that ransomware cannot encrypt it as well. Test restores periodically. In the event of a ransomware attack or other data-loss incident, this ensures that you can restore your data without paying a ransom.

    8. Incident Response Plan: Have a written plan for responding to cybersecurity incidents. It should include steps for identifying and containing the breach, eradicating the threat, recovering from the incident, and notifying affected parties, and it should be exercised so that staff know their roles before an incident occurs.

    9. Vendor Management: Secure the connections that vendors and third-party providers have into your environment; point-of-sale, camera and signage vendors often hold remote access to the systems they support. Set security requirements for vendors, limit and monitor their access, and conduct regular security assessments of vendor systems.

    10. Regular Audits and Risk Assessments: Regularly scan your network for vulnerabilities and fix what you find, and periodically commission penetration tests. An external auditor provides a fresh perspective and may notice risks that internal teams have missed.
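
As an added example (not part of the original article) of how items 1 and 4 can be checked in practice, the following Python script audits firewall or NetFlow-style flow records against a segmentation allow-list and flags any cross-segment traffic the policy does not permit. The subnet plan, the allow-list and the log lines are all constructed for illustration, and the key=value field names (src, dst, proto, dport) are an assumed export format rather than any particular product's.

```python
"""Audit flow records against a network-segmentation allow-list.

Added example, not code from the original article. Every subnet,
policy entry and log line below is constructed for illustration.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

# Hypothetical address plan: one subnet per segment, all inside 10.0.0.0/8.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SEGMENTS = {
    "guest_wifi": ipaddress.ip_network("10.10.0.0/16"),
    "pos":        ipaddress.ip_network("10.20.0.0/24"),
    "signage":    ipaddress.ip_network("10.30.0.0/24"),
    "cameras":    ipaddress.ip_network("10.40.0.0/24"),
    "mgmt":       ipaddress.ip_network("10.0.0.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
# Any cross-segment flow not listed here is a violation (default deny).
ALLOWED = {
    ("mgmt", "pos", 22),        # admin SSH to terminals
    ("mgmt", "cameras", 443),   # camera web UI
    ("mgmt", "signage", 22),
    ("pos", "mgmt", 514),       # terminals ship syslog to the management segment
    ("cameras", "mgmt", 514),
}

# Segments permitted to reach addresses outside 10.0.0.0/8 (the internet).
INTERNET_ALLOWED = {"guest_wifi", "pos", "signage"}


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


# Assumed key=value export format; adjust the pattern for your firewall.
FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+proto=(\w+)\s+dport=(\d+)")


def parse_flow(line: str) -> Optional[Flow]:
    m = FLOW_RE.search(line)
    if not m:
        return None
    return Flow(ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]),
                m[3].lower(), int(m[4]))


def segment_of(addr: ipaddress.IPv4Address) -> Optional[str]:
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow is permitted, otherwise a short reason."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None:
        return f"source {flow.src} is not in any known segment"
    if dst_seg is None:
        if flow.dst in INTERNAL:
            return f"{src_seg} -> unplanned internal address {flow.dst}"
        if src_seg in INTERNET_ALLOWED:
            return None
        return f"{src_seg} has no internet egress"
    if src_seg == dst_seg:
        return None                      # traffic within a segment is out of scope here
    if (src_seg, dst_seg, flow.dport) in ALLOWED:
        return None
    return f"{src_seg} -> {dst_seg}:{flow.dport}/{flow.proto} not in policy"


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (log line, reason) for every flow record that violates the policy."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        if flow is not None:
            reason = check_flow(flow)
            if reason:
                violations.append((line.strip(), reason))
    return violations


# Constructed sample records; RFC 5737 documentation addresses stand in for the internet.
SAMPLE_FLOWS = [
    "fw1 src=10.10.4.21 dst=198.51.100.20 proto=tcp dport=443",  # guest -> internet: fine
    "fw1 src=10.10.4.21 dst=10.20.0.5 proto=tcp dport=445",      # guest -> POS: violation
    "fw1 src=10.0.0.10 dst=10.20.0.5 proto=tcp dport=22",        # mgmt -> POS SSH: allowed
    "fw1 src=10.40.0.7 dst=203.0.113.9 proto=tcp dport=443",     # camera phoning home: violation
    "fw1 src=10.20.0.5 dst=10.0.0.10 proto=udp dport=514",       # POS syslog: allowed
    "fw1 src=10.30.0.3 dst=10.40.0.7 proto=tcp dport=80",        # signage -> cameras: violation
    "fw1 heartbeat ok",                                           # not a flow record; skipped
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION: {reason}\n    {line}")
```

Run it over a day of firewall logs after any segmentation change, or turn the same allow-list into an IDS or SIEM rule so that a guest-to-POS or camera-to-internet flow raises an alert as it happens. The check has a limit worth remembering: the absence of a flagged flow shows only that nothing crossed the boundary during the period sampled. To prove the boundary actually holds, also test it actively from a device on the guest Wi-Fi.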

Remember, no single solution provides complete protection against all cybersecurity threats. The most effective strategy is a layered one that combines several measures to protect different parts of the network and its systems.

Update:  

This article has been modified from the original to remove the registration information for the September 11, 2023 Seminar.  Registration has been closed for that event.  

Disclaimer: Portions of this article have been generated with the assistance of ChatGPT-4 by OpenAI. While efforts have been made to ensure the accuracy and reliability of the content, the views, interpretations, and findings expressed herein are those of the author’s prompt engineering and should not be attributed to ChatGPT-4.

Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn