Security and data privacy in self-storage is a huge concern

Sue_C

We hear about it a lot in the news these days, data breaches and hackers trying to get our personal data—especially credit card info.

Does your facility have a plan in place if you get hacked? Has it ever happened to you?

Sheryl_Scott

Storage Owners and Operators should focus on preventing a data breach by following Payment Card Industry(PCI) Standards. Scott Zucker wrote a great article recently, Data Breach State Laws Govern, June 21, 2017 that helps owners/operator better understand their responsibilities. Here are a couple of quotes:

"While there are similarities among the states, just like with state lien laws, there are subtle differences that need to be considered by operators depending on which state a self storage property is located. Generally, each state addresses the requirement, upon discovery of a breach, to notify the affected customers, notify law enforcement and, in some states, notify credit reporting agencies. In other states, there is the recommendation to offer affected customers free credit services, such as credit monitoring, to watch for improper use of the stolen information. Some states require that these types of services be provided Some states provide affected customers the right to sue for damages if their information is taken, and others provide for governmental penalties if the notifications are not timely delivered. Again, since each state law is unique, self storage operators should be careful to review the applicable law for their state should a data breach occur."

"Under all the state laws, the contents of the notifications are similar. The notice must provide an explanation how the breach occurred and when it occurred, what information was taken, what actions have been taken to remedy the breach to ensure it cannot occur again and what actions the business is taking for the benefit of the affected customers (for example providing the free credit monitoring). Since the cost of notifications, as well as the cost to cure the breach, can be expensive, many companies are investing in cyber liability and data breach insurance. These days, even if self storage companies may not seem to be at risk, it is strongly recommended that this type of insurance be included in any policy purchased to insure your business."

Click here for Scott Zucker's full article...

Ron

If using Sitelink stand alone, that computer really should not be connected to the internet and tenant's social security number should never be put in Sitelink.  If you do have to connect to the internet for credit card processing, make sure nobody is surfing the web on the same computer. 

The data is not protected. Below is a sample from the stand alone database read with notepad, (never save a mdb file if opened with notepad).

RonVanVardenAdvanced Mini Storage #12625 Monte Diablo Ave.Stockton952032094664444C1234567123456789StocktonAdvanced Mini Storage2625 Monte DiabloStockton95203209466444419890000montediablo@stocktonstorage.net

which is the following;......... Name / Company / address / City /zip / phone / DL# / SSN / Billing address /Work Phone /Home Phone / E-Mail Address

I have helped other facilities eliminate viruses, spyware and Trojan horses programs off their main computers after they had used their main computer for play and research.

Stand alone is an amazing program, just have to be very cautious.

Sue_C

The latest version of SiteLink StandAlone offers PCI certified credit card processing. SiteLink re-certifies every year as a Payment Card Industry-Data Security Standard (PCI DSS) Level 1 Service Provider. This is the highest level of software and server security certification and ensures credit card data is stored, processed and transmitted in a secure and protected manner.  Ron makes excellent points about computer security in general. A cloud-based system can actually offer a higher level of security than a PC-based one managed yourself. Keep in mind that any computer you use should have an antivirus program installed and/or a firewall. Here is a handy jargon-free guide to computer and internet security that may be helpful for those with little experience in these matters.