By Kay Miller Temple
Tick-tock-look-at-the-clock. Are you kept awake at night thinking how the next sensitive-data breach might affect your self-storage business? Target, Neiman Marcus, Heartbleed, Internet Explorer—who's next? Fortunately, the industry's management-software companies offer many features that will help you protect tenants' information and your business.
Self-storage software companies are keen on meeting Payment Card Industry Data Security Standards (PCI DSS). These requirements, included in any discussion of credit card data security, are created by the PCI Security Standards Council, which introduces new goals every three years. This is the timeframe to accommodate updates and deploy new security approaches.
Passwords are one of the most vulnerable points of software, mainly due to the unbelievable number of global users that still use the word "password" as their password. Passwords are key to limiting access to data, but only if they're strong, not shared and changed frequently. Essentially, passwords are a way to augment data security.
"Configuring software to cause current passwords to expire and new passwords to be assigned after a specified number of days can also be complimented by lockouts after a specific number of failed attempts," says David Essman, director of marketing for Sentinel Systems Corp., a provider of self-storage software and security products.
Encryption and Tokenization
Partnered with PCI DSS in conversations about personal data security are "encryption" and "tokenization." Both offer ways to provide data protection. Complicated mathematics aside, encryption is the process of translating data into a code, making it more difficult for unauthorized users to read. Tokenization takes sensitive data and replaces it with a surrogate value. In addition, information goes back to company software to be stored and used for subsequent payments.
"This means if someone were to access your data, they would only have useless reference numbers that can't be used anywhere else," says Steve Weinstein, business development consultant and security specialist for QuikStor Security & Software, a provider of security and software products. "This puts the responsibility of PCI compliance and credit card data security in the hands of the experts: the credit card companies themselves."
Layer Upon Layer
As hackers try to whack their way to sensitive data treasures, software companies add layers of cyber hurdles. Multiple firewalls offer protection. Sometimes hackers get in only to find the treasure chest is empty and a facility's software doesn't even store the data.
Another security layer can be data encryption specifically at the database level, says Mark Smith, senior vice president of product strategy for software provider Centershift Inc. "This ensures that even if the data were to fall into the wrong hands, it would be virtually impossible to decrypt the data and derive any value from it."