Security Best Practices for Commercial Facilities

Property managers of commercial facilities like shopping centers, sports stadiums, casinos, churches, and movie complexes face unique physical security and cybersecurity challenges. These places often have numerous points of access to the facility and the internet and digital systems, including Wi-Fi networks for visitors, point-of-sale systems for merchants, digital signage, security systems, and more. Therefore, they need a robust security strategy to protect their facilities, systems and data from potential threats.

These threats are with us every day. But, there are some best practices that can be put into place to reduce risks to the venues, the employees and members of the publics. The rest of this article summarizes some of the best practices that can be put in place to strengthen your cybersecurity. I cover best practices for physical security for this important critical infrastructure area in a different article.

Some Cybersecurity Best Practices

 

1. 1. Network Segmentation: Network segmentation involves splitting a computer network into smaller parts. For instance, point-of-sale systems should be on a different network segment from the public Wi-Fi to prevent a compromise of the public Wi-Fi from affecting critical business systems.

1. 1. Multi-Factor Authentication (MFA): MFA adds an additional layer of security by requiring users to provide at least two verification factors to gain access to a resource such as an application, online account, or a VPN.

3. 3. Regular Patching and Updates: Ensure that all devices connected to the network, including security cameras, point-of-sale systems, and digital signage, are regularly updated with the latest patches and security updates.

3. 3. Firewall and Intrusion Detection Systems (IDS): A strong firewall can prevent unauthorized access to the network, while IDS can detect suspicious activities and alert system administrators in real-time.

3. 3. Employee Training: Many cybersecurity breaches are due to human error. Regular training can ensure that all employees are aware of potential cyber threats, like phishing attacks, and know how to respond.

3. 3. VPN for Remote Access: If remote access to the network is necessary, use a Virtual Private Network (VPN). VPNs encrypt the connection between a user’s device and the network, making it harder for attackers to intercept data.

3. 3. Regular Backups: Regularly back up critical data and make sure that backups are stored securely. In the event of a ransomware attack or other data loss incident, this ensures that you can restore your data without paying a ransom.

3. 3. Incident Response Plan: Have a plan in place for responding to cybersecurity incidents. This plan should include steps for identifying and containing the breach, eradicating the threat, recovering from the incident, and notifying any affected parties.

3. 3. Vendor Management: Establish secure connections with vendors and third-party providers. This may involve setting security requirements for vendors or conducting regular security assessments of vendor systems.

3. 3. Regular Audits and Risk Assessments: Regularly assess your network for vulnerabilities and fix any that you find. An external auditor can provide a fresh perspective and may notice risks that internal teams have missed.