Self-storage operators are increasing their online presence, leveraging digital platforms and tools to better manage their facilities. Though these advantages can increase efficiency, they can also leave you susceptible to cyber attack if you don’t take proper precautions.
You receive customer information every time you rent a self-storage unit. Cyber attacks are usually aimed at destroying, accessing or changing this kind of sensitive data, such as bank accounts, credit card numbers, phone numbers, and e-mail or home addresses. They’re often designed to steal money or disrupt normal business processes.
It’s critical to protect your digital assets. An attack can result in serious negative consequences to a self-storage business, including service interruption, identity theft, extortion attempts, loss of data, loss of revenue, damage to reputation and more. It can certainly have a significant financial impact, and the cost to recover can be enormous. Direct expenses might include recovery management, fines and penalties, customer credit-report monitoring, and hardware and software upgrades.
According to a 2019 study by IBM, “The financial consequences of a data breach can be particularly acute for small and mid-size businesses. In the study, companies with less than 500 employees suffered losses of more than $2.5 million on average—a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.”
Falling victim to cyber attack could be the breaking point for your self-storage operation, so it’s important to take defense seriously. Cyber security is the protection of computer and network systems—including hardware, software and electronic data—from theft and damage. Implementing good security requires a multi-level approach that addresses every aspect of the business, from staff to processes to technology. Read on to learn best practices for bolstering your fortification.
Though there are many ways your self-storage business may be vulnerable to cyber attack, some of the most common include opening a malicious e-mail or link, clicking into an unsecured website, or failing to install proper security. Once cyber criminals have access or create a portal, they can obtain sensitive client data. Thankfully, there are several best practices to help shield your systems, networks and programs. Here are some to consider:
- Vigilance: Open Web links only from sources you trust. A website should have an s in the first portion of its URL (https://). If it doesn’t, it isn’t secure, so don’t provide any personal information to that site. Always make sure an e-mail is from a reliable source before opening any links or responding.
- PCI compliance: PCI stands for “payment card industry.” PCI data-security standards ensure that all companies that accept, process, store and transmit customer credit card information can do so safely and securely.
- SSL certificate: SSL stands for “secure sockets layer.” This is a form of security for websites that handle sensitive information. Ensuring you have an SSL certificate serves two key functions: It authenticates the identity of the website and encrypts data being transmitted.
- Password training and management: Choosing strong passwords is key to combating a potential attack. Having the same password for years or using simple passwords greatly increases your risk of being compromised. To create a strong password, make it long and use a mix of characters. Don’t use personal information like birth dates or memorable keyboard paths (like 1234 or qwerty). Change your passwords every few months and avoid sharing them with others.
- Secure e-mail gateway: In many cases, hackers will try to gain access by sending malicious e-mails with strange attachments. Having a secure e-mail gateway, which scans and processes all incoming and outgoing messages, will help keep threats at bay. If you don’t have a gateway, rectify that immediately.
- Back up and encrypt data: It’s important to back up data so it never gets lost. Encryption is important because it allows you to securely protect information you don’t want others to access.
- Processes and recovery plan: Have a strategy to avoid cyber attacks and implement procedures for if you are compromised. Have a recovery plan. These precautions will prepare you for a worst-case scenario.
If You’re Attacked
Again, cyber attacks can have serious ramifications. They can also be difficult to investigate and prosecute because they often cross legal jurisdictions, including international borders. If your self-storage business is a victim, it’s important to act right away. Here are some steps to take immediately:
- Collect and keep any and all evidence. You’ll need things like log files, e-mails, receipts, reports and other items to serve as evidence if you file a complaint.
- File a report or complaint. Local law enforcement should be the first place to make a formal report, and authorities will guide you to the next steps. The Internet Crime Complaint Center is a partnership between the FBI and the National White Collar Crime Center. Complaints can be filed through their website as well.
- Think about what else may be at risk. Depending on the type of attack you experience, there may be additional steps to take, such as changing passwords, canceling credit cards or updating account information. If a tenant’s information is compromised, you’ll likely need to reach out to him, but wait until after you file a police report.
Cyber security is critical in today’s digital world, and self-storage operators must protect their data and assets. Keep your organization and customers safe by using practices, planning for attacks and knowing what to do if one occurs.
Katie E. Johnson is a marketing professional at Easy Storage Solutions, a provider of Web-based management software and other technology for small to mid-sized self-storage facilities. She has years of experience managing a wide range of marketing tasks, from building brand awareness and increasing client relations. For more information, call 888.958.5967; visit www.easystoragesolutions.com.