Fifty percent of small businesses report they’ve had data breaches involving customer and employee information in the past 12 months, according to studies accumulated by “Small Business News,” an online publication for small-business owners. Further investigation shows that in most cases, these attacks can be attributed to lack of security, malicious attack, employee errors, lost or stolen devices, or any combination of these.
Simply put, there’s an overwhelming number of digital threats actively targeting industries like self-storage. Unfortunately, a data breach isn’t only costly and time-consuming to repair, it can permanently tarnish your company’s reputation. Below are several prevention strategies.
Bring Prepared for Attack
Cyber-attacks don’t always come in the form of a big, red shiny button with semi-inviting words such as “Click Here.” You could be putting your company at risk by simply visiting an infected website or clicking on an infected advertisement. New forms of malware are being developed every day with the sole intent of deceiving you. While you may never be aware of every type of threat, it’s important to be prepared.
Employee error makes up for more than 90 percent of all digital attacks, according to data-security and government studies. That means limiting employee exposure to these threats and training them on proper protocol should be your priority. Consider these five strategies:
- Anti-virus/anti-malware software will protect against most common cyber-attacks and can be your first line of defense. Keep your software up-to-date, as it will give you protection against the latest malware developments.
- Management software acts as the hub of your self-storage operation. To limit employee access to vital information, ask your software provider how to configure user rights and permissions.
- Restricting access to the Internet is another way to protect yourself if you’re concerned about employees’ browsing habits. This can be done in a variety of ways and should be considered on a case-by-case basis. In some situations, a written agreement specifying justified Internet use may be appropriate; however, you may also consider router blocks or specialized software that only allows access to approved websites.
- Your computer operating system (i.e., Windows), should be set to automatically download and apply updates. Many vulnerabilities are often found and exploited in these systems, so make sure you’re as current as possible to ward off threats.
- Ransomware is a growing threat that can hold your business hostage. This malware comes in many forms, but what they all have in common is the ability to use strong encryption to lock you out of your system until you pay reported costs of $200 to $10,000. In June 2016, the FBI released a report showing that, on average, 4,000 ransomware attacks occur per day, with the most common method of delivery being fake e-mails or other “phishing” methods.
Avoiding Mobile Breaches
Mobile apps and browser-based software offer additional accessibility to your facility, creating a higher risk for data breaches. A study commissioned by mobile-security firm Lookout surveyed 588 information technology (IT) and IT-security professionals. Sixty-seven percent said it’s certain or likely that their organization had a data breach as a direct result of employees using mobile devices to access their company’s sensitive and confidential information.
With a growing need for mobile accessibility, it’s important to understand the dangers and take the proper precautions. Follow these guidelines:
- While Android devices have always been more prone to mobile malware, attackers are targeting Apple devices as well. For example, XcodeGhost exploited a weakness used by app developers to infect almost 40 apps in the Apple Store that would download other malicious apps to the unknowing user’s phone. It’s important to keep your phone’s software as current as possible to protect yourself from these vulnerabilities. Always check reviews, verify the publisher and avoid any suspicious apps.
- The use of public networks has always been an issue with mobile devices. At the very least, they pose a risk of others eavesdropping on information being transmitted over the same network. At worst, it could be a fake network altogether just waiting for you to send your information. The best way to avoid these complications is to turn off any settings that allow your phone to automatically connect to available networks and only connect to secure, password-protected networks with which you’re familiar.
- Human error accounts for most data loss via mobile devices, which can be lost or stolen. Be aware of that simple fact and have a plan for when things go south.
- Require that every device that can connect to your business be password-protected. While most passwords can be cracked quite easily, it will at least serve as a stall. While the phone itself may be password-protected, it’s important that you not save important business passwords on a phone. If a hacker gets access to your facility information, you’re putting yourself and your tenants at risk.
- Maintain tracking software on all devices connected to your business. If someone has stolen your device with malicious intent, you may be able to locate it via software such as Find My iPhone or Lookout. If it’s giving you a current location, contact the authorities instead of attempting to retrieve your phone yourself.
- If all else fails, be prepared to wipe your device. Even though you may have saved important documents, pictures or messages, it’s crucial to protect your business first. That means having some form of software that will remotely delete all data.
It’s important to make responsible decisions now to protect your business instead of reacting after the damage is done. Whether it be a curious click of a button, a negligent habit or a targeted attack, the possibility of becoming compromised is real and should be proactively addressed before it’s too late.
Kevin Kerr is the marketing and sales coordinator for Storage Commander, a Murrieta, Calif.-based supplier of Web-based and onsite facility-management software. To reach him, e-mail [email protected]; visit www.storagecommander.com.