Securing your access hardware and software

SMART Access & Identity 2026 Access Control & Identity Management, Information Security

As access control expands and technology advances, the attack surface for these systems also grows. Every interaction between readers, controllers, and host systems creates a potential attack point that, if exploited, could give attackers a foothold in the corporate network. For example, access control systems are often integrated with payroll for T&A, which could leave the financial system exposed.

SMART Security Solutions asked RBH Access Technologies’ regional manager, Teboho Rakhale, for insights into the risks and mitigation strategies for securing access control systems.

From a high-level perspective, Rakhale advises that the following measures are a starting point to mitigate cyber breaches:

• Reader security and encryption.

• Data encryption between the reader and the controller.

• Data encryption between the access control controller and the server.

He adds that the client must have a robust cybersecurity policy and strategy in place. Adhering to and complying with industry standards such as ISO27001 could help implement such a policy and strategy. It is not all about access hardware and software security, though. Network vulnerabilities and IT hardware and software protection must also be addressed by the client. The following are some of the related cyber risk mitigation requirements.

Network security:

• Firewalls,

• VPNs,

• Network segmentation,

• Zero Trust (continuously network access verification),

• Secure wireless settings,

• Disable remote access management.

Software and data protection:

• Regular updates on operation system, application software,

• Strong password policies and multifactor authentication,

• Encryption of software and data,

• Antivirus and EDR installation and updates on all devices.

Hardware protection:

• Ensure that Secure Servers and devices are in locked areas,

• Implement a robust backup and disaster recovery plan,

• Enforce a regular username and password change policy.

People management:

• Employee awareness training and regular cyber bulletins,

• Implement a robust backup and disaster recovery plan,

• Conduct regular audits and vulnerability assessments

Multiple authentication modalities are also recommended. Rakhale says RBH Access card readers and biometric readers offer multilayer authentication, for example:

• Card,

• Bluetooth/NFC,

• Card+PIN,

• Bluetooth/NFC+PIN,

• Card+PIN+fingerprint,

• Card+PIN+fingerprint+face,

• Card+Bluetooth/NFC+PIN+fingerprint+face,

• And other combinations. .

The physical risks

Rakhale says RBH Access’s biometric readers use 256-bit encryption and include multiple parameters for mobile app credentials. Since the mobile app generates an automatic credential number based on several parameters, such as the phone’s unique information and timestamp, RBH mobile credentials can not be cloned. Every time you delete the mobile app and install a new one, new credentials are generated.

Even if the phone is backed up and restored later, a new number is generated. The feature is called Ultra High Security Credential (UHSC). Due to this technology, RBH Access Technologies won an SIA award.

“RBH Access Readers use DESFire EV3 cards with protection such as AES, 3DES encryption. This is currently the most secure card in the world. RBH also uses Credit Security Number (CSN) card encryption. This technology allows an encryption handshake between the reader and the card. The reader will not detect a foreign card.”

Location is also a risk. Readers and controllers are usually positioned so they can be monitored or at least seen by passersby; however, the risk of tampering remains. Risk mitigation measures must include making these devices more secure against tampering (which includes changing the default passwords at the very start of an installation).

“Always implement a solution that includes controllers,” Rakhale advises. “Managing access reader via onboard relays poses a major security threat. Once the reader has been removed/ripped off the wall by the perpetrator, it is ‘open sesame’, the doors release. The controller must also always be in a secure, access-controlled area, under lock and key, so that it is not accessible for tampering.”

Communications between the reader and controller must use 128-bit encryption via RS485 Open Supervised Device Protocol (OSDP) v2. The controller has a feature that can be turned off for network device scanning. This prevents the controller from being detected/sniffed.

The RBH Access approach.

To ensure its users implement basic cybersecurity processes when using RBH equipment, Rakhale says it is standard for passwords to be changed and for communication between the controller and the server to use AES 256 encryption. Furthermore, communication between the controller and the reader is secured using AES-128 encryption. The company also advises that cybersecurity policies, as mentioned above, should be adhered to.


Credit(s)






Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Rise in malicious insider threat reports
News & Events Information Security
Mimecast Study finds 46% of SA organisations report a rise in malicious insider threat reports over the past year: reveals disconnect between security awareness and technical controls as AI-powered attacks accelerate.

Read more...
Surveillance & AI roundtable
DeepAlert Lytehouse Refraime SMART Security Solutions Technews Publishing Editor's Choice Surveillance Integrated Solutions AI & Data Analytics
SMART Security Solutions held an online roundtable with a few surveillance experts to explore the intersection of surveillance and AI, gaining insights into the market and how control rooms are evolving.

Read more...
Centurion raises the bar at HomeSec Expo
Centurion Systems News & Events Access Control & Identity Management Residential Estate (Industry) Smart Home Automation Commercial (Industry)
Centurion Systems unveiled its latest product lines at HomeSec Expo 2026, introducing SMART+, a simpler way for installers and end users to manage their Centurion installations - as well as a few new products.

Read more...
New campaign exploiting Google Tasks notifications
News & Events Information Security
New phishing scheme abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials, which can then be used to gain unauthorised access to company systems, steal data, or launch further attacks.

Read more...
SMARTpod talks about HomeSec Expo 2026
SMART Security Solutions Technews Publishing News & Events Residential Estate (Industry) Videos
SMARTpod, the podcast from SMART Security Solutions, finds out more about the upcoming HomeSec Expo happening at Gallagher Estate on 4 & 5 March 2026.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...
Protecting citizens’ identities: a shared responsibility
Access Control & Identity Management
A blind spot in identity authentication today is still physical identity documents. Identity cards, passports, and driver’s licences, biometric or not, are broken, forged, or misused, fueling global trafficking networks and undermining public trust in institutions.

Read more...
The challenges of cybersecurity in access control
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security
SMART Security Solutions summarises the key points dealing with modern cyber risks facing access control systems, from Mercury Security’s white paper “Meeting the Challenges of Cybersecurity in Access Control: A Future-Ready Approach.”

Read more...
Access as a Service is inevitable
Technews Publishing SMART Security Solutions ATG Digital Access Control & Identity Management Infrastructure
When it comes to Access Control as a Service (ACaaS), most organisations (roughly 90% internationally) plan to move, or are in the process of moving to the cloud, but the majority of existing infrastructure (about 70%) remains on-premises for now.

Read more...
From surveillance to insight across Africa
neaMetrics TRASSIR - neaMetrics Distribution Access Control & Identity Management Surveillance Products & Solutions
TRASSIR is a global developer of intelligent video management and analytics solutions, delivering AI-driven platforms that enable organisations to monitor, analyse, and respond to events across complex physical environments.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.