Data breaches and cyber-attacks are real threats for self-storage businesses, even small, independent operators. Here’s a review of national incidents from 2017, tips for lowering your risk and preventing exposure, and strategies for responding in the event an attack occurs.
Year in Review
Now that we’re well into 2018, let’s review some of the biggest data breaches and hacks from last year. There were a reported 868 data breaches or cyber-attacks in the United States. August, October and December logged the most, with 90-plus strikes in each. Coming in as possibly the largest incident in history was the Equifax data breach, which affected more than 145 million customers. Names, Social Security numbers, birth dates, addresses, driver’s license numbers and credit card data were among the information accessed by hackers.
What might surprise you is cyber-attacks happened at double the rate in 2017 compared to 2016, and it looks like there’ll be another increase in the number of breaches this year. We’ve already seen news of attacks and breaches at Lord & Taylor, Orbitz, Saks Fifth Avenue and T-Mobile U.S. Inc., just to name a few. In many professional opinions, it’s no longer a matter of if your data will be illegally accessed, it’s when.
We also saw an uptick in hackers using phishing-type security and ransomware attacks last year. The value of information has led to more creative and sophisticated incidents being perpetrated by hackers targeting both business and individuals.
Lowering Your Risk
Small businesses are now the most attacked segment of the market. Small niche industries are increasingly targeted because of fewer strict security policies and the sometimes rich collection of data available on their customers. According to a UPS Capital report:
- A single cyber-attack can cost a mid-size business $84,000 to $148,000.
- 60 percent of small enterprises go out of business within six months of an attack.
- 90 percent of small businesses don’t use any data protection at all for company and customer information.
This doesn’t mean you need to worry that a cyber-attack is imminent. There’s still a lower than average risk in the self-storage market, but the danger is there. You should be aware of it and take the necessary steps to prevent it.
Cyber-attackers always have an agenda in mind when generating a strike. So, even though you might be a small self-storage operator, you could still be an attractive target for hackers looking to steal your information, hold your data ransom or sell it to the highest bidder. Here are some things you should do to avoid a cyber-attack:
- Always keep the operating system on your computers up-to-date. Remember, your networking equipment needs to be updated as well.
- Keep your security software current. This includes malware- and spyware-detection software.
- Invest in some cyber insurance. This can be a relatively inexpensive way to protect against loss when a breach occurs.
- Be wary of unexpected e-mails, especially if they contain links or attachments. E-mail is one of the main infection methods. Be especially cautious of any Microsoft Office attachments that advise you to enable macros to view the content.
- Back up your important data. This can take leverage away from attackers who are trying to ransom your data for money. Just make sure your backup is appropriately protected and stored offline.
- Test your backups regularly. A corrupted or otherwise compromised backup will not be of any use to you.
- Train staff to spot warning signs of “phishy” e-mails.
- Encrypt sensitive data.
- Use unique secure passwords for each important service or account. Easy-to-crack passwords are one of the most common ways hackers get access to data.
- Don’t visit questionable websites.
- Don’t share your screen with any untrusted parties.
One of the most important things business operators overlook is not all data theft happens online. Don’t forget physical security. This is often the most vulnerable spot for a small business. Are computers left on after work? Are employees trained to know what information is sensitive and how to protect it? Are they given access to work on weekends or after hours? Consider these questions and take the appropriate steps to secure your information.
Following a Cyber-Attack
If you’re one of the unlucky ones and your data is breached, here are some tips on how to respond:
- Have a plan. You need a response plan that includes a communications strategy. How will you notify customers, staff, the media and others about the incident?
- Act immediately. Contact your information technology (IT) team, legal counsel and cyber-liability insurance agent.
- Contain the breach. Take affected systems offline, but don’t turn them off. Your IT team will need to examine them to determine the source of the problem and options for fixing it.
- Document every step. Authorities will need to know the details.
- Communicate clearly. Ensure affected groups are made aware of the issue and steps are being taken to remedy the problem.
Security through obscurity is never a good idea. Relying on hackers to focus on the large corporate targets and ignore your small business isn’t a good strategy. As these criminals get more aggressive and sophisticated, small-business owners need to be more alert and practice prevention. Take the necessary steps to protect your interests by implementing strong security safeguards with staffing, software and training.
Ken Hendrickson is a co-owner of Easy Storage Solutions, a provider of Web-based management software for small- to mid-sized self-storage facilities, and RIZE Marketing, a full-service marketing agency serving self-storage operators. For more information, call 888.958.5967; visit www.storageunitsoftware.com or www.selfstoragemarketing.net.