A Self-Storage Operator’s Guide to Cybersecurity

Every year cybersecurity threats facing small businesses grow in frequency and sophistication and 2022 will be no exception.

Yet, one recent survey has found that 60% of businesses don’t have a policy in place for handling cybersecurity attacks. This is despite the fact that more than 40% of small businesses fell victim to a cybersecurity attack last year.

Just as the self-storage industry secures facilities with access control points and video cameras, it is just as important that owners and operators secure their computer networks with the same degree of vigilance. And, as more and more consumers show a preference for conducting business online, the need for operators to implement and tighten up cybersecurity protocols becomes paramount. 

The following guide is intended to help self-storage operators understand the cybersecurity threats facing the industry today and how they can develop plans and practices to reduce the odds that they will endure a cyberattack.

Self-Storage Cybersecurity Threat Assessment

Before discussing how to set up cyber defenses, it is important to understand the types of hacks and scams that are most likely to target small-to-medium-sized self-storage businesses:

• Ransomware. This type of malware allows the attacker to lockdown a victim’s computer network and hold the data hostage in exchange for a ransom payment. Damages typically start at $5,000 and can go up to six figures.

• Spearfishing. This tactic often targets victims by name and other identifying information. The attacker obtains sensitive information like passwords by impersonating a trusted source.

• Cryptomining. This type of malware takes over part of your networked computers’ processing power in order to mine Bitcoins and other cryptocurrencies. Not only does this slow down infected computers, it also leaves them open to further infiltration or attack.

• Data theft. Perhaps among the most common threats is theft of confidential data, including tenant records and credit card information. 

Self-Storage Cybersecurity Vulnerabilities

Those are the threats, but how does a self-storage business find itself victim in the first place? To answer this, a storage operator must understand the vulnerabilities that exist within their organization. 

Cyberattacks against SMBs have soared during the COVID-19 pandemic. This is, in part, due to the increased numbers of employees working from home, where they are often outside the reach of their organization’s IT departments. 

As it pertains to the self-storage industry, the accelerated adoption of online rentals and contactless customer interactions has increased the industry’s need for technology such as websites, access control and cloud software. Some operators have adopted such solutions for the first time as a result of the pandemic response. As more parts of a self-storage operation moves online, there are more opportunities for cybercriminals to infiltrate that particular business. 

Most vulnerabilities faced by storage operators will fall into one of the three categories:

• Endpoint vulnerabilities. Every computer or device that is connected to your network is an endpoint vulnerability. This applies to employee’s phones and laptops as well.
• Cloud vulnerabilities. Nearly half of SMBs rely on cloud services for almost all of their software needs. Cloud services are essential for powering small businesses, but they also create new openings for cyber- attackers to do their dirty work. The primary risk for operators is if a hacker obtains log-in credentials using spearphishing or other tactics to gain unauthorized access to their data.
• Network vulnerabilities. An example of this is when hackers target your computer network directly, such as by bypassing an incorrectly configured firewall or using an unsecured Wi-Fi connection to install malware on your machines. 

The good news is that with all vulnerabilities identified and proper procedures put in place, storage operators can thwart the vast majority of cyberattacks.

Self-Storage Cybersecurity Best Practices

Just like thieves that might target physical storage facilities, cybercriminals prefer easy targets. It is in the best interest of every self-storage operator, big or small, to ensure that cybersecurity best practices are implemented and followed diligently. The following protocols provide a solid foundation for preventing most attacks:

1. Employee training. All employees should complete cybersecurity training at least twice a year. Such training will teach employees how to spot suspicious emails and other infiltration attempts. Curricula is an excellent free solution operators can use. Larger operations can check out KnowBe4 for an enterprise-level training experience.
2. Enable multi-factor authentication. Use this extra layer of security to keep your e-mail and cloud accounts secure. This requires users to further verify their identity when logging in to services, such as by entering a code delivered to their personal smartphone.
3. Strengthen wireless networks. Wireless networks are more vulnerable than local area networks. Both should be protected by a firewall configured by an IT professional. Always use WPA2 or WPA3 encryption when choosing Wi-Fi passwords. Provide separate Wi-Fi for guests and require a password. Change Wi-Fi passwords often.
4. Secure endpoint devices. Install endpoint protection software on company devices. Good options include Crowdstrike and FireEye. Enable full-disk encryption and individual user accounts on all computers. Limit “admin access” on devices to your IT staff only.
5. Choose a reputable email service. Storable recommends operators choose Google Gmail Suite or Microsoft Outlook, as these provide excellent security, virus scanning and spam blocking capabilities.
6. Turn on automatic updates. This will ensure that your operating systems and software are all up to date. When new vulnerabilities are discovered in the code, developers update the software to prevent them from being exploited by cybercriminals. If your software is out of date you are leaving yourself open to attack.
7. Backup everything. Create daily backups of your critical data. This will allow for continuity of operations should a cyberattack occur.

For more details on any of the above, check out Storable’s Best Cybersecurity Practices for Small Businesses:

Cyber Security Best Practices for Small Businesses

Cybersecurity Incident Response for Storage Operators

By taking the actions outlined in this guide, you will have made tremendous progress towards securing your self-storage operation’s cyberdefenses and reducing the threat of attack. 

However, even the most secure networks can be compromised. In the small chance that your storage facility network is infiltrated, it is important to have an incident response plan in place. This plan should include such directives as how employees should report suspicious activity, how to notify tenants in the event their data is leaked and in what situations law enforcement should be contacted.

Check here for an example of an extensive incident response plan that you can use to map out a similar document for your organization.

Protect Your Business

Cybersecurity is all about protecting your business from unnecessary risk. The time and investment required to implement a cybersecurity policy is well worth it, compared to the potential harm an unexpected cyberattack could have on your business. With a solid plan in place, you can be confident that your storage operation is better guarded than ever.