Using a Cybersecurity Incident Response Plan to Protect Your Storage Business
Imagine you are a self-storage manager and you just discovered that there was a data leak and all of your customers’ credit card numbers were exposed.
What do you do next?
If your self-storage facility has a cybersecurity incident response plan in place, then you’d know exactly what to do.
Why every storage business needs a cybersecurity incident response plan
For most small to medium-sized businesses, getting hit with some form of cyberattack is only a matter of time. The number of cyberattacks has increased during the pandemic as more consumers and businesses turn to online platforms to conduct transactions.
That, of course, includes the self-storage industry. Since the pandemic, many more facilities are adopting digital tools and offering new features like online rentals via a company website. These tools allow self-storage facilities to gain more leads, more rentals, greater efficiency and more revenue. In short, they are invaluable.
However, the more of your operation that is connected to the world wide web, the greater the exposure you and your business face from potential cyberattacks. But with proper training and network protocols, you can greatly reduce the risk posed by cybercriminals.
It is considered best practice to have a cybersecurity incident response plan (CSIRP) in place. This plan will instruct members of your company on the correct procedures to follow in the event of an incident or an attack. Taking the proper steps in response to an event will help ensure continuity of your business, reduce your liability, reassure your customers and hopefully save you from financial damages.
Need another reason to implement a CSIRP? You might be legally required to in some areas. For example, California requires businesses to have one in place under certain conditions, such as making $25 million in revenue per year. If an incident takes place involving customers and there is no plan, the business could be hit with hefty penalties.
Developing an incident response plan for self-storage
The National Institute of Standards and Technology provides the accepted standards for writing a CSIRP, which lay out everything you need to know to create a fully developed response plan for your storage facility.
An incident response plan has four phases. Here is an overview of each one:
1. Preparation
Every response plan needs a response team. The first part of your plan should identify the members of the incident response team and what their duties are in the event of a security incident. There is a detailed list of suggested procedures in the NIST Computer Security Incident Handling Guide that you will need to familiarize yourself with to get started.
2. Detection and analysis
This phase occurs once a cybersecurity incident has been discovered and your team decides how to respond. Signs of an attack fall into two categories:
- Precursors – Detected prior to an attack (e.g., a suspicious number of failed log-in attempts on a user account)
- Indicators – Discovered after or during an attack, such as receiving an alert that there is malware on your computer
Different attacks call for different responses, and your plan should have procedures in place for the most common and likely incidents such as phishing, malicious software or theft of hardware. In all cases, you will document the incident and follow the plan’s directions in coordination with members of the response team.
Once your team has verified an incident has taken place, you may need to notify third parties right away. These could include your tenants, your insurance company, law enforcement and so on. The response plan should detail who to contact and under what circumstances.
3. Containment, eradication and recovery
This phase is the most critical—in essence it is your response.
When embarking on a containment strategy you will need to consider the potential harm the threat could cause, the need to preserve evidence, availability of services, the time and resources required to respond and how effective your response might be.
Once the threat is contained, your next move is eradication. This eliminates any continued vulnerabilities and threats from the attack. Depending on the nature of the attack it could involve cleaning hard drives of malware or deleting compromised accounts. Major attacks may require consulting with a data forensics team to make sure your network is completely secured again.
After eradicating the threat, you’ll move on to the recovery phase. During this phase you’ll want to:
- Update your security measures to prevent another attack
- Address any vulnerabilities that led to an attack (weak password security, for example)
- Increase training to identify and prevent reoccurrence
- Restore from backups
4. Post-incident response
The final part of your response plan is to debrief with your team and review what went well and what could have been done better, including preventing the attack to begin with. You’ll also want to do a final accounting of the damage. Make sure to consider whether your CSIRP was effective during the attack. If not, you’ll need to adjust your plan to make it better for next time.
This phase may also involve ongoing communication with third parties and tenants. In some states, such as California, it may require issuing a public notification that a data breach occurred.
Putting your plan together
As your self-storage organization grows, it becomes even more important to protect it. Having a cybersecurity incident response plan may seem like a time-consuming project, and indeed it is. But you can start small and continue to improve your plan over time. Having the right security procedures in place when an attack occurs could save you time, money and hassle.