By Kevin Kerr
With an ever-growing world of technology at our fingertips, data-safety practices for your self-storage business have never been more important. The vast amount of information stored at your site can include tenant names and addresses, financial records, marketing materials, management details and much more.
The creation of this data was most likely time-consuming and laborious. Once lost, the information may be extremely hard or even impossible to recreate. Knowing how to keep this treasure trove safe from loss and attacks is essential to running a successful business. The following tips will help you avoid potential data-security breaches and ensure your precious information remains protected.
Protection Against Data Loss
The first thing to do is ensure any information related to your operation is protected. This means your financials, marketing materials and personal employee data. Most of your financial security can be addressed by upgrading your system to Web-based accounting software such as Kashoo, Quickbooks Online or Xero. For a low monthly cost, these tools will allow for a more flexible mode of accounting while keeping your information secure and off your local computers.
To secure staff and personal information, back up your information to an external drive and also use an automated online-backup service. Providers such as Avast, Carbonite Inc. and IDrive Inc. can provide this important service without breaking your budget.
Data Safety for Your Customers
Your tenant information is where we really start getting serious. Protection of this data, which usually includes names, addresses and financial details, shouldn’t be taken lightly. The important thing to remember is if this information is compromised, you’re the one who becomes liable. The issue can be addressed by choosing a secure facility-management software.
There are many factors that come into play when choosing software, but security should be considered above all else. Using a Web-based program gives you a great start because all of your valuable data is hosted on the provider’s secure servers, and your info is therefore protected against natural disasters and theft. Furthermore, most of the newer packages have started favoring tokenization over encryption to secure credit card data directly within the credit card processor instead of locally on your computer.
User groups and permissions are another security standard that’ll help protect against data breaches. Setting your software to hide or block upper-level management and owner actions from onsite management can assist in the prevention of human error, or worse, a disgruntled employee.
Most of these security features have already been provided by self-storage software developers and require little to no effort on your part. However, the responsibility of ensuring these tools are being used to their fullest extent rests solely on the shoulders of each facility operator.
Avoiding Risk
Data risks come in multiple forms. Some are easier to detect than others. An example of a simple risk to avoid occurs when using the Internet. You must consider the security of the websites you visit from your facility computer. Always use a secure website for important information and transactions to ensure they’re not being broadcast to others on your network. If a website is secure, it’s usually evidenced on most browsers by a lock symbol next to the Web-page URL.
Cyber attacks are a security risk that may not be so apparent. Recent studies by technology company Symantec Corp. estimate cyber-crime victims worldwide lose around $325 billion each year. A study by McAfee, a security-technology company and part of Intel Security Group, puts cyber-crime profit at an estimated $842 billion per year.
The attacks are becoming more complex, and recent advances in malware have brought a new threat to your door called Ransomware. Recently, the Critroni CTB (Curve-Tor-Bitcoin) Locker has been wreaking havoc, forcing users to either pay a hefty sum for a decryption key (usually between $125 and $300) or lose access to their computer files forever.
The CTB locker is distributed via mass spam e-mails, and the infection begins with opening an attachment. This attachment may look like an urgent file or even a fax (john_invoice.zip, shipment_order.rtf, etc.), but once you open the file, the downloader virus begins to connect to several different URLs and leads to the download of the CTB Locker. Once the malware has been successfully downloaded, it’ll scan the computer’s files and drives. Upon completion of the scan, it’ll copy all of your available files, encrypt the copies using its elliptical curve cryptography, delete your original files, and finally displays its ransom message:
CTB Locker is a fairly advanced and well-thought-out malware. The elliptical curve encryption and relatively short response time given to an infected user prevents the use of “brute force” decryption attempts and will self-delete the decryption key from your system after the allotted time. Furthermore, the system requires you to download and use Tor, a browser that makes detection of these cyber criminals nearly impossible. Currently, there are no known ways to decrypt these files after the timeline has passed.
Paying these cyber-kidnappers the ransom should (but won’t always) result in the release of your data. However, it’s not recommended to fund these criminals’ future attacks, and the payment should only be used as a last resort.
Knowledge Is Safety
Educating yourself and your staff on how to protect information from these attacks is the best option available to any self-storage operator. Regularly backing up your data on external drives will essentially render any ransomware attack useless and should always be practiced as your first and strongest line of defense.
Using Web-based software and applications will give you a great second line of defense in case you do fall prey to a malicious infection. This ensures that even after an attack, your vital information is stored in the cloud and always accessible for future use. In the end, it’s up to each and every facility operator to use the above practices to ensure the data for your business and tenants is secure.
Kevin Kerr is the director of sales and marketing for Storage Commander, a Murrieta, Calif.-based supplier of facility-management software. To reach him, e-mail kevin@storagecommander.com; visit www.storagecommander.com.