You read that right! The DoD apparently sold a biometric reader with personal data on it, as investigated by German researchers and reported by Gizmodo. That caused us to pause and think about how that situation could be replicated in a commercial access control environment.
This unfortunate situation does bring up an interesting concern when it comes to commercial access control solutions: is biometric data being safeguarded? Biometric data is considered personally identifiable information (PII) and should be kept very secure, especially considering the permanence of stolen or compromised biometric data and scans. Biometric scans are only as secure as the organization administering the scan; therefore, controlled physical access, device selection, software platform, strong password requirements, and other cyber security measures can be imperative to the security of a solution.
Biometrics are an excellent form of authentication as they are a biological piece of the individual seeking access to a secure area. In our engineered security designs, biometrics are distanced from direct association with an individual. The best practice is to implement biometrics on the inner rings of the concentric security concept. The SEEK II device in the article we cited was physically compromised before the data was compromised. This is why we must distance personnel and data from potential adversaries with other means of physical access control.
Fortunately, we believe most organizations should be safe from this happening, assuming they are using top-tier access control solutions paired with biometric devices and have implemented appropriate cyber security measures.
Not sure if your facility is using biometrics properly or safely? Give us a call or send us an email to discuss how we can help your organization.