Cybersecurity: Protecting Your Data & Your Reputation

Self-storage has become as reliant on the internet as any other industry. Now, the entire process from marketing to signing up and even entering most facilities is done with the help of technology. As a responsible business, it is your job to properly allocate capital to protect your customers data in order to avoid data breaches that could ruin your company’s reputation and drive existing tenants and prospective customers away, as word of mouth still plays a big role in the industry.

 

 

As a self-storage business, you are responsible for sensitive information from customers, like payment, identification, and even their credentials to access their things inside their unit. A breach of this kind of data could easily lead to legal issues, especially if hackers are able to use the information to steal from your customers. However, even in less extreme cases, this kind of situation tends to ruin the reputation of a business, which is something no business can afford.

 

 

 

 

According to Zach Fuller, co-founder and COO of Silent Sector, a cybersecurity company, “Cybersecurity risks for self-storage are generally around the third-party solutions they use, like softwares and platforms used to run their facilities. It’s important to not take it for granted and assume those companies are keeping your data safe. It’s a good idea to ask the companies behind the softwares and platforms what they are doing from a cybersecurity perspective, how the data is backed up, and how the company is backed up in case they are compromised.”

 

Another big issue he mentions he has seen in the industry is the practice of storing sensitive information on the cloud. “Most self-storage companies use cloud services for their general business operations, like emails, drive storage for calendars, scheduling, Microsoft 365, and Google Workspace. All of these platforms are only as secure as their setup configurations,” he says. “In other words, they aren’t inherently secure. Each company has to properly configure their own security control, either with their own resources or by hiring a third-party specialist.”

 

 

When it comes to strengthening your cybersecurity efforts, some simple practices can make a world of difference for your business.

 

The first thing you must do when planning to create a more effective cybersecurity strategy is to evaluate possible threats in your operations. This will help you find out how to increase security as well as weak links that could affect the smooth running of your business. “A cyber risk assessment consists of a series of three main reviews: people, processing, and technology,” Fuller states, as he explains hackers will usually look for the weakest target out of those to get access to your system. “Another way to look at risks common between cybersecurity specialists is through penetration testing, which is essentially when they hack into the systems, like a criminal would, to find existing vulnerabilities from a technical standpoint.”

 

Once you have found the vulnerabilities, it’s important to organize them by level of threat, giving priority to finding a solution for the higher risk issues. “Follow the best practices as you are able to do so,” Fuller says. “Nobody is going to be perfect, and there’s always more work to do, but work your way from the most important from the list of mitigation first, and from there, implement as much as possible.”

 

As previously mentioned, untrained employees can be an easy target for hackers, so it should be a priority for facilities to train their staff to follow security protocols such as making sure to choose strong passwords and recognizing phishing emails. This might take some time and money, but it could save you from a future headache. “Having a staff awareness training program is very important,” says Fuller, “as most cyber breaches occur because of social engineering tricking people into giving them information or access to information that should be kept off-limits from the outside.”

 

Make sure the systems, platforms, and IoT devices you use prioritize cybersecurity. Jump on a call, ask for a meeting, question them on their practices, learn how they are backing up your data, and ask all the other pertinent questions you may have regarding it. Be informed, and if you feel they are taking cybersecurity for granted, find a company that doesn’t.“The individual vendors in the self-storage industry should each have their cyber risk assessment and penetration tests done,” Fuller says. “You should be looking into those organizations and making sure they have appropriate third-party testing done on their platforms so you have some way to verify someone else is checking the security of those platforms you are paying for.”

 

This is a staple every person and business in any sector should have, as it is your first line of defense against hackers. Its importance increases when you are a business with access to customers’ data. Fuller suggests implementing it on everything you can, as it is a good first defense against criminals.

 

In the event of a ransomware attack, it is imperative to have your data backed up in a secure location—bonus points if it is somewhere outside your company. “If your data is compromised, it will allow you to restore your operations,” says Fuller.

 

Make sure to properly protect your business by having policies and procedures in place. “For instance, if an employee disappears with a laptop with all the customers’ information on it, if they never signed anything saying ‘the company owns data’ or ‘the company owns the information,’ it will be hard to prosecute it,” Fuller says.

 

Make sure to schedule a security audit to identify vulnerabilities in your system. It is better to invest in catching a possible weak link yourself than waiting for a hacker to exploit it.

 

The best tip to keep your data safe is to prevent hackers from getting any entry point to access it. However, if that fails, it is a good thing to have your sensitive data encrypted, as it adds another layer of security to it.

 

“The account you use for day-to-day business operations should not be an administrative account. Because if the one you use every day gets hacked, the hacker will get the keys to everything,” Fuller says. “You should have a separate administrative account with strong passwords and multifactor authentication that is only used when you need to make changes to the environment you use.”

 

–

 

Victória Oliveira is a senior writer with over a decade of content experience under her belt. Her work has been featured on Darling Magazine, Elite Daily, The Culture-ist, Matador Network, and more.