Imagine business as usual at your self-storage facility...and then it happens. You or an employee clicks on a malicious link from a bad email or unsecured website that freezes your system’s data. Or an employee receives an email that appears to be from you, a manager, or a vendor that asks for a reply for the purpose of gaining access to your management system. Once inside your system, cybercriminals install malicious software or create a portal for hackers to steal sensitive customer data and payment information.
“When you consider the different types of personal customer information stored in a facility’s system and that a standard self-storage facility can transact between 10 and 20 payments per day, owners must be proactive when it comes to cybersecurity,” says James Appleton, Director of Sales Special Risk, MiniCo Insurance Agency. “Facilities that continue to operate with outdated software, store information on a local platform and don’t keep up with anti-virus and ransomware protection are prime targets for a breach.”
According to a recent study by 4iQ, cyberattacks on small and medium-sized businesses in 2018 increased at an excessive rate — up nearly 425% over the previous year. As small business operations, self-storage facilities can be prime targets for cybercriminals. In general, many small businesses are vulnerable to data breaches for three key reasons:
- They don’t believe they are at risk.
- They often lack the time, resources, and technology know-how to implement safeguards to protect their businesses.
- It typically takes a smaller business longer to detect a breach once it happens.
The financial costs incurred to resolve and recover from a data breach can be staggering. Direct costs may include customer notification, third-party recovery management, forensic investigation, fines and penalties, ongoing customer credit report monitoring and identity theft repair, and hardware and software upgrades. According to the Ponemon Institute, the average price for a small business to clean up after a breach is approximately $690,000, and this figure doesn’t take into account the loss of revenue.
Lost Revenue and Reputational Costs
In addition to the more direct costs, according to IBM, a data breach can cost a small business up to 5% of its annual revenue in lost business. In fact, approximately 60% of small businesses end up closing their doors within six months of a data breach. Perhaps the biggest long-term consequence of a data breach is the loss of customer trust. A single compromising data breach can harm even the best of reputations, making it difficult for a small business to fully recover.
Cybersecurity Best Practices
Cybersecurity best practices should encompass a multilayered protection strategy that includes:
- Implementing a password management policy and training for all employees.
- Using a web-based PCI-compliant software system.
- Protecting your wireless network.
- Prohibiting the connection of personal or untrusted storage devices or hardware to computers, mobile devices, or networks.
- Backing up and encrypting data in the cloud.
- Implementing multifactor authentication.
- Controlling access to your facility’s network.
- Establishing a recovery plan.
- Securing cyber insurance.
Cyber insurance is a critical component of cybersecurity management for self-storage facilities, covering both first- and third-party costs as well as business interruption expenses if a cybersecurity breach forces your business to shut down. Examples of specific coverages available under a cyber insurance policy include notification expense, crisis management, regulatory investigation expense, data breach liability, content liability, data loss and system damage (data restoration), data extortion, and business interruption.
A cyberattack can have a serious financial and reputational impact on your self-storage business. Staying informed on key issues, regulatory changes, and laws as well as implementing proper risk management best practices and safeguards that include cyber insurance can make it much easier to prevent and detect a security issue and help facilitate recovery.