This month reminds us to honor mothers, nurses, service members, and all who are serving or have served in the past with compassion and dedication. I encourage you to take the time, celebrate, and thank these individuals with your colleagues, friends, and families.
There are many ways to make money in your life. Perhaps some easier than what we do in the Integration world. I think we are in the Integration business because we share a common goal and at a very basic level that is to protect people and their assets.
I commend you for working in this industry despite the ever changing and challenging technologies. What you do is praiseworthy, admirable, and some may call it noble!
We clearly have the responsibility to protect our employees and clients’ information. Let’s talk about some of our responsibilities that involve protecting information.
AI Responsibility, and Aligning with Security Expectations
Artificial Intelligence continues to spark discussion across many industries. While predictive analytics—used for years in CCTV systems—can be viewed as an early form of AI, today’s tools are far more powerful.
AI is just that: a tool. Used responsibly, it can add value. Used carelessly, it can introduce cybersecurity risks and system vulnerabilities. Two basic and critical considerations for AI implementations are:
- Where data is stored
- How AI models are trained
Sensitive employee and client information should never be used to train external AI models. As IoT devices and connected technologies continue to grow, managing and securing vulnerabilities becomes increasingly complex. Here is one of the best descriptions of AI we’ve heard:
AI is like a teenager—it acts as if it knows everything, but you still have to continuously tell it exactly what to do and be very specific.
Cybersecurity Is Not Optional
As systems integrators in the security and life-safety industry, protecting people and assets carries a responsibility for ethical and secure practices.
Best practice network security often includes a layered approach using tools such as:
- Firewalls
- VPNs
- Intrusion Detection & Prevention Systems (IDS/IPS)
- Multifactor Authentication (MFA)
- Wi-Fi encryption
- Endpoint protection and antivirus solutions
- A SIEM Solution
- A Backup Solution
A good Incident Response Plan (IRP) will outline the roles and responsibilities of all parties. This will work with your business continuity plan. If you do not have the technical resources in-house, one option may be to reach out for help to a Managed Service Provider (MSP).
If you are interested in a compliance guideline, NIST800-171 used by all Federal Systems is a good policy to implement or follow as much as possible. This certification is required for government contractors and subcontractors. Depending on your interest and resources, it may be an interesting model to follow as a framework. Another could be ISO27001. These will help you with password policy setup, backup solutions, encryption policies, and even physical security of your facility.
Using the right tools—or the right combination of tools—helps secure your ecosystem from end to end. After securing the network, installing AI-driven CCTV and access control, it would be good practice not to install a generic lock with replicable keys at the local hardware store on that IT room to bypass it all! Some clients still may not have a reliable keying system for their physical keys and how to keep them secure.
A reflection on April events, our 2nd Annual Clay Shoot in Sumterville was a success. We were able to raise $6,000 for our AlarmPAC and we have already had a number of successful regional meetings.
Thank you for your continued commitment to service, security, and doing technology work appropriately.
Farshid Pourgolafshan
IAF President |
