RFID's Guilty Secret.
Whether they know it or not, everyone has used RFID at some point in their lives. The first radio transponders used during World War II kicked off the development of this branch of technology. Through constant evolution, it has since grown to include today’s commonplace Radio Frequency Identification activated ID cards and key fobs. In the not-too-distant future it may even lead to people using a microchip embedded in their bodies to log into their PCs and pay at vending machines. The daily familiarly of RFID means that its benefits are often taken for granted, but it should not be underestimated.
If we dial it back to the basics, RFID is an identification technology, that uses radio frequency waves to transfer information between a reader and a tag. This enables people to design systems to identify, track and locate tagged items. The most common use across businesses is for access control, covering protection of staff and buildings, valuable assets or confidential information. These systems can involve anything from proximity cards and fobs, to biometric scanners. RFID cards are often uploaded with certain personal details to allow businesses to tackle issues around authorisation and security.
The potential use cases for this relatively simple system are endless. An investigation into future uses of RFID suggested that the technology could, for example, be used to improve health and safety in office buildings by speeding up fire evacuations. You could log each employee leaving the building, making it easier to ensure that everyone has left safely.
Some businesses are looking even further into the future. A small group of employees at Stockholm’s Epicenter office space have voluntarily opted to have RFID chips implanted in their hands. They can use the chips to unlock doors, access printers and pay at vending machines. Controversial or not, the workspace is open about their desire to be early adopters of new technologies. Meanwhile, implanting a chip certainly makes it difficult for it to be misplaced, while also making the security system more seamless for employees.
But RFID isn’t infallible. Any time a new technology becomes mainstream, it presents an opportunity for hackers to find a way to exploit it. In 2013, low frequency RFID cards were being used everywhere from tech companies to hospitals. As these cards had no encryption or authentication, their information could be captured as soon as a ‘reader’ was nearby. While newer RFID cards have since been released which are built on a more secure technology, there are still many businesses that are using inherently vulnerable technology. According to one report, nearly 80% of all key cards used within commercial facilities may be prone to hacking due to protocol vulnerabilities, such as businesses still using the basic EM4100 cards and fobs. The widely used Mifare Classic RFID chip, once the backbone of the UK’s
Oyster card and the Netherlands OV-chipkaart, was even hacked by students of the University of Holland showing just how vulnerable these older chips really are.
However, there’s more to a robust security system than the latest RFID tech and breaches can occur from any number of entry points you may not have considered. Take print security as an example. The Global Print Security Report recently found that 60% of companies in the UK, US, France and Germany suffered a print-related data incident in the preceding year and the loss cost companies an average of more than $400k.
These breaches come from a variety of different sources, from compromised passwords (24%), to external hacks (25%), employee error (32%) and so on. With that in mind, even the modern, more secure RFID cards would not be enough to eliminate risk. Keeping information confidential requires the entire document life-cycle to be made secure, so for RFID to prove effective it should be deployed as part of a larger, integrated security system. This means shoring up not just the physical security of your devices, but also having clearly defined protocols for the security of your network and even individual documents.
Introducing any technology comes with new and unpredictable risk. As businesses rapidly transform, they can fall into the trap of driving innovation without first establishing robust security measures. They need to focus on building office security from the ground up, but to do that it’s crucial to get the basics right. RFID is not a new hype technology, but used correctly, it does offer a solid foundation for any security strategy. Ultimately no one technology is enough, but as long as systems are set up with security at the foundation and no single aspect is expected to be totally invulnerable, businesses can embrace innovation with confidence.