Like all businesses that rely on computers and the Internet, self-storage facilities should take precautions to reduce the likelihood of cyber attacks.
Most owners of small and midsize businesses have no idea how easy it is to hack into a computer system and steal financial data, said Terry Evans, president of Cybersecurity Biz LLC in Rochester, NY.
“If I were a cyber criminal, I would simply walk in and leave a USB thumb drive on the desk,” said Evans, who trains people to keep their information secure from online thieves. “If I simply labeled it ‘confidential’ and put a file on it with pictures, people would open it. In the meantime, I’d have malicious software loading up. It’s that simple.”
A lot of small businesses hear about cyber crime and don’t know how it impacts them.
— Terry Evans, president of Cybersecurity Biz LLC
Evans said the key to keeping self-storage facilities free of cyber attacks is to train employees to recognize such scams. In addition to avoiding malware hidden on thumb drives, you should be careful when opening emails. If an unknown person sends you a link via email, clicking on the link could let that person enter your computer system. The practice is called “phishing.”
“You should train your employees that if anything looks suspicious, don’t open it,” said Natolie Ochi, vice president of SKS Management, which runs storage facilities in California and Hawaii. “You have to be really careful.”
No need for expensive gear
Evans said some businesses wrongly assume that they need to buy expensive hardware and software to prevent cyber attacks. While it’s essential to install cybersecurity software to protect your computer system from malware and viruses, there’s no need to spend a fortune on security measures, he said. Use software that searches for viruses and malware as you search the web.
“A lot of small businesses hear about cyber crime and don’t know how it impacts them,” Evans said. “They don’t know how to address it. They think they have to get someone in there and spend $20,000 or $30,000. In reality, the greatest risk is their own people.”
Evans said employees often are tricked into revealing confidential information. For example, someone might contact an employee by posing as a computer technician and ask to borrow the employee’s password. The password later is used to gain access to the computer system.
An untrained employee is the weakest link in the security chain, Evans said. The best defense: Impose strict policies that outline what types of information can and cannot be divulged to outsiders.
While large companies are likely to be attacked by thieves in search of credit card data, most self-storage facilities are not, said Robert Chiti, president and CEO of Open Tech Alliance, which provides technology and services to the self-storage industry. The payoff for hacking into small and midsize companies with 1,000 to 2,000 credit card customers is too small to make them likely targets, Chiti said.
Four tips for defeating cyber criminals
Here are four tips for securing your self-storage business’ computers and online presence.
1. Strengthen your passwords.
Evans said too many people choose easily guessed passwords, such as the names of their children. “Passwords should all be at least 15 characters,” he said. A password should be a mix of uppercase letters, lowercase letters, numbers and symbols.
2. Use automatic software updates.
To limit the chances of malware corrupting your network, make sure your software updates automatically, Chiti said. If “bugs” in your software prevent it from working properly, automatic updates repair them.
3. Follow the rules.
The Payment Card Industry Data Security Standard was set up to ensure that companies processing, storing or transmitting credit card information are doing so securely.
“If your [computerized] property management system is PCI-compliant, you have to ensure that there are no credit card numbers stored in your property management system,” Chiti said. “That is a huge exposure.”
4. Change passwords.
After a worker leaves your business, changing your business’ passwords can safeguard you against a disgruntled ex-employee who wants to inflict cyber revenge.
However, Evans said, changing passwords too often can backfire: Your employees might end up posting passwords where the public can see them, rather than committing them to memory.