Hi Don-
Building upon Brian's comment pertaining to the credential-to-reader connection, more sophisticated cyber security can be had with contactless smartcard credentials built around NXP's Mifare Desfire EV2 chip. This is not the Mifare Classic chip, which is compromised. As such if encryption is a must, then suggest considering credentials making use of EV2. Here's a link to the EV2 datasheet: https://www.mifare.net/wp-content/uploads/2018/05/MIFARE-DESFire-EV2_Product-Flyer_0518_Web.pdf.
Alternatively, many of today's smartphone-based mobile access credentials offer even higher levels of encryption when compared to traditional contactless smartcard credentials. If sophisticated cyber security is a requirement, then this is an area that you may wish to investigate further.