By Jonathan Fesmire
The self-storage industry is all about security. Tenant units remain locked, gates require access codes, facilities are surrounded by high walls or fences, and camera systems and personnel help keep an eye on the grounds. But just as we keep our properties safe, we need to protect our customer and facility data as well.
Your customers desire the ability to access and manage their accounts online; however, this access also makes it possible for crooks to hack in and steal their sensitive information. You could say there’s an ongoing war between software developers and criminal hackers. Developers come out with a new operating system, Web browser, firewall or other software, and crooks look for vulnerabilities to exploit. Developers work to discover these exploits, but sometimes hackers find them first. Then developers provide users with patch software to close the weaknesses, and the cycle continues.
Many companies have been hacked for personal customer data. In 2015, compromised organizations included electronics manufacturer VTech, the U.S. prison system, the FBI, seven of Donald Trump’s hotels, crowdfunding platform Patreon and others. Nearly every American has had his data stolen at least once.
When tenants rent a self-storage unit, they expect the company to keep their personal and financial information safe. Here’s how to ensure it is.
For your first line of defense, set up a firewall. A firewall consists of software that keeps outsiders from getting into your computer network, much like the wall around your facility keeps people from entering the property. Employees are able to get into the system with passwords, and customers are able to access their records, pay their bill and so on; but the firewall will cover vulnerable points.
Make sure any company laptops that will be used to access the system have firewall protection, too. Otherwise, hackers could piggyback on that connection.
Data thieves don’t want just one person’s information; they want whole databases of users. In addition, they may be after corporate secrets and other intellectual property. Once a hacker gets through your firewall, he may be able to access all of it. To combat this, set up internal firewalls. In other words, each system should have a firewall of its own. Your information-technology (IT) team can set it up so employees can access what they need, but crooks who manage to make it past one firewall will get stuck at the next. Even if they steal important data, they won’t get everything.
Incoming e-mails can also cause problems, so put spam filters in place and scan for malware on the e-mail server side. Malware can directly infect company computers and leave open back doors for hackers. Internet scammers also design clever spam messages to get employees to reveal sensitive information. If you can prevent these from getting to your employees, that will keep your system safer.
Encrypted data is extremely difficult to read, so use encryption for all your sensitive information. Make doubly certain that data moving over the Internet—whether an employee accesses it remotely or you e-mail a file—gets encrypted, and the right person on the receiving end can decrypt it.
Software Updates and Patches
Unfortunately, software often comes with vulnerabilities. Companies like Microsoft want to keep their software secure, but hackers often find bugs in a program that allow them into a computer system. When Microsoft discovers a security exploit in Windows or Office, it puts out a patch as soon as possible to fix it, and other software companies do the same for their programs.
Keep the software up-to-date on all your systems. Security patches and updates are especially important. It can be disastrous when a hacker learns of an exploit and gets through your security simply because you didn’t yet apply a patch.
Mobile Devices and Removable Storage
Smartphones, tablets and other mobile devices need protection, too. Hackers can sometimes read data coming from them and have used this to access people’s passwords and more. Make sure each mobile device is password-protected. Put a data-encryption solution in place for all devices, and invest in security apps for any employee devices used to access company servers and databases.
You should also have a strong removable-storage policy. Only allow employees to use USB cards and such on company computers if it’s necessary for the job. This will help prevent staff from copying company information or accidentally bringing malware to work. When removable storage is allowed, make sure each device gets scanned for malware before it becomes accessible.
Even before the Internet blew up in the 1990s, companies needed to back up their data. At the time, they often did this to tape. Today’s technology is much more sophisticated. These backups, though, are just as important as ever. One option is to save data to a company’s own servers, often making several copies, with one onsite and one or more at offsite locations.
Invest in a cloud backup solution, which can encrypt and store your files securely and update on the fly. Instead of storing all of the company’s data once per day, these services can update your storage with new files and data that has changed. You can even access multiple versions of files. Even if all your computers lose their data at once, you’ll still have everything important ready to reload.
It used to be that for a virus or malware to get installed on a computer, a user would have to manually run the program containing it. These days, some websites use what are known as exploit kits. These are sneaky. A user will go to a website, and the site will determine if the browser software has a vulnerability. If so, it’ll take advantage of this to install malware without a user’s knowledge. This is another reason why it’s so important to apply software patches as they come out—the software designers learn about these hacks, too, and write patches to remove the exposures.
Have a good anti-virus and anti-malware solution in place on every system. An IT professional will be able to recommend and install one.
Only authorized personnel should have access to any computers, including the laptops and mobile devices issued by your company for offsite use. Each employee should have his own personal account. This not only keeps the company more secure, it makes it easier to track where a breach occurred.
Protect your wireless network with encryption and a password, and then go a step further and prevent it from broadcasting its network name. On the grounds, employees can connect by typing in the name of the network, but others won’t be able to find it.
Only members of the IT staff should have administrative access, as untrained users may accidentally or maliciously compromise data or crash servers. In fact, each employee should have access only to the tools and databases specific to his job.
Guidelines and Training
Finally, with all this in place, train your employees on the basics of how the security works and their responsibilities. Make sure they know what sorts of e-mails to avoid, that they shouldn’t share their laptops or other devices, and when to contact IT to solve a problem. With these measures and a vigilant IT department in place, you can minimize security breaches and keep your self-storage customer data safe.
Jon Fesmire is a copywriter at Storagefront.com and writes articles for the company’s blog, “The Renter’s Bent.” In 2011, he earned a Master of Fine Arts from Academy of Art University.