Don’t Overlook These Security Measures at Your Self-Storage Facility

Implementing the right security measures is essential to the success of any self-storage company. A self-storage facility’s main job is to give your clients space to store their belongings while ensuring their property is protected within reason. Your clients must know you take security seriously or they will not trust you to store their belongings. There are a number of areas where self-storage facility owners overlook their security needs and not fixing them will lead to increased liability for your company.

Here are three areas self-storage owners overlook their security and how they can improve it:

1. Security cameras

You would be surprised how many self-storage facilities are working with either old and outdated CCTV systems or none at all. Installing a modern security system is a great way to improve onsite security. Modern security cameras give you better picture quality and recording tools to monitor who comes in and out of your facility. Cameras give visual evidence in case of theft as well as serve as a deterrent for prospective thieves. Every self-storage facility should have an up-to-date camera system installed.

Jason Fischbeck, Owner of smart technology company Automated Environments said self-storage owners have begun to install camera systems that can track license plates a recognize faces.

“A truly smart camera system can recognize if the people on your property are tenants or not,” Fischbeck said. “A camera that can record license plate numbers is going to make it easier for your team to know if someone should be on your property or not.”

Fischbeck also said that you want to avoid cameras that are simply motion sensor activated. Motion sensor cameras will turn on if any animal enters your space which could easily use up any video storage space you have. CCTV systems should also have night vision technology since most people are not going to break into your facility during work hours.

The camera system should be wired as opposed to wireless to avoid camera outages due to Wi-Fi connectivity issues. Cameras should be installed in every doorway, rollup, and walkway; however, make sure cameras are not pointed at your tenants’ storage space. Tenant privacy is important and you should not be able to see what they are storing.

2. Physical security

Many self-storage facility owners forgo a physical security presence as well as a visual one. A secure self-storage facility uses a capable private security company to protect your tenants’ property.

Cameras are great but they lack the physical presence to engage with a real-life event. Hiring the right security team can prevent break-ins in real-time. A prospective burglar will not want to mess with a place that is being patrolled by properly trained security.

Actual people overseeing you and your tenants’ property are going to be the biggest deterrent for theft.

Ensure that you hire a security team that knows how to deescalate. You want a security team that will not start a fight over property but won’t just allow someone to steal your tenants’ things.

The security team should be properly licensed by your state. Hiring an unlicensed security team is a massive liability so don’t do it.

3. Handling sensitive documents

No business is free of sensitive documents and a self-storage facility is no exception. Any self-storage company will have sensitive business data, tax data as well as employee and tenant information that if stolen by the wrong people will put their info at risk. You have to have a place to store those physical documents.

Jerry Dilk Senior Consultant for secure document storage company Data Storage Centers said that sensitive documents should be kept inside of a secure room.

“You don’t want to just put sensitive information in a storage bin, you want all sensitive information in a secure room that is monitored,” Dilk said. “That means you know who and when someone enters and leaves the room as well as what documents they looked at.”

Dilk went on to say that you should have a system that lets you process what documents are stored there and when they are stored and removed. Keep a list that clearly labels how long each sensitive document needs to be stored and when it must be destroyed.

When it is time to destroy your important documents it is important that you destroy them securely using a professional document destruction company.

Your tenants’ properties are only as safe as the security measures you create. Take the time to set up a security plan that integrates a modern CCTV system, hires licensed private security, and protects important documents. Do these things and you will show your tenants you take protecting their property seriously.  

Bill Herzog is the CEO of Lionheart Security Services in Tempe Arizona. He is an expert in private business security and has over 25 years of law enforcement experience.

The Newest Cyberthreat Self-Storage Operators Need to Watch Out For

Malvertising, or malicious advertisingis a cyberattack technique that injects malicious code into digital ads. Difficult to detect by both internet users and publishers, these infected ads are usually served to consumers through legitimate advertising networks. 

Malvertising uses what looks like legitimate online advertising to distribute malware and other threats with little to no user interaction required. Because ads are displayed to all website visitors, virtually everyone exposed to these malicious ads is at risk of having their device compromised if proper precautions are not taken.

How Does Malvertising Work?

In some cases, malicious actors will compromise a third-party server, which allows the cybercriminal to inject malicious code within an advertisement, such as banner ad copy, creative imagery or video content. Recently however, Google Ads have become increasingly used by malware operators to spread malware to unsuspecting users searching for popular products. Cyber criminals purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service. 

When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.

These malicious advertisements have been used to impersonate the the websites of popular products and services such as cryptocurrency exchanges, Notepad++, Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird and Brave to name just a few. 

By impersonating the official websites of popular products and services, threat actors distribute trojanized versions of software. A trojan is software that appears to be one thing (e.g. a legitimate software application), but actually is malware. Google Ad campaigns are being used to distribute malware in the guise of legitimate software tools.

Deceptive Links

Google has controls in place to prevent ads from being displayed that include links directly to sites that host malware. To circumvent this control, cyber criminals will typically send anyone who clicks on one of their malicious ads to an intermediary site first, and then redirect the visitor to a web page containing the malware which is often hosted on Github, Dropbox or OneDrive. 

This activity often makes use of seemingly credible websites with typo-squatted domain names that are surfaced to the top of Google search results in the form of malicious ads during searches for specific keywords. The moment one of these disguised sites is visited by a victim (one who actually clicks on the promoted search result), the site immediately redirects them to the rogue site. From there they are redirected to the malicious payload.

The ultimate objective of such attacks is to trick unsuspecting users into downloading and installing malevolent programs or potentially unwanted applications.

How to Protect Yourself From Malvertising

Having a high-quality and up-to-date antivirus program will go a long way towards detecting and stopping many types of malware. You may also consider using ad blockers, however there are workarounds hackers can exploit that will still leave you vulnerable.

Beyond that, storage operators and staff should keep an eye out for suspicious ads and browse the web mindfully. Take the following steps to avoid accidentally falling into a malvertising trap:

  • Before clicking on an advertisement, check the URL to make sure the site is authentic. Note that a malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • As the first few results on a given search term are usually promoted ads, it is safer to skip them and scroll down until you see the project’s official website search result and use that instead.
  • Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
  • If you visit a website frequently, bookmark its URL and use that to access it instead of searching for it every time.

Self-Storage Subject to Price Gouging Laws Following Hurricane Ian

The devastation wrought by Hurricane Ian led governors in several Southeastern states to declare a state of emergency—a move that has a big impact on self-storage operators when it comes to setting prices.

The declarations triggered price-gouging laws that could put temporary limits on self-storage rental rates in some jurisdictions, according to a newsletter recently published by the national Self Storage Association. 

The recent declarations were made in Florida, Georgia, North Carolina,South Carolina and Virginia. All 50 states have price limiting measures that go into effect during a state of emergency, however not all are applicable to self-storage operations. For this reason, the SSA advises any operators affected by a state of emergency to consult with an attorney before making rate changes. 

For operators not currently impacted, now is a good time to review the law in your state so you are aware of your limitations the next time a disaster strikes. Conducting a review of the law now will help you mitigate your risk of running afoul of any anti-gouging laws unintentionally in the future.

Anti-Gouging Laws in Effect

According to Inside Self Storage, the anti-gouging laws currently in effect following Hurricane Ian are as follows:

  • Florida: The price-gouging statute is in effect statewide and prohibits charging an “unconscionable price” for self-storage units. Violators are subject to $1,000 per incident up to $25,000 for multiple violations. 
  • Georgia: Businesses are prohibited from selling at higher prices, unless the increase reflects an increase in costs incurred by the seller for providing specific goods or services.
  • North Carolina: Prices cannot exceed the average amount charged by the seller during the 60-day period preceding the emergency declaration.
  • South Carolina: Self-storage facilities may not charge an unconscionable price during the duration of the state of emergency. 
  • Virginia: Storage facilities may not charge an unconscionable price for 30 days following the declaration of a state of emergency. 

Avoiding Financial and Reputational Risk

Remember, customers can submit complaints to the state if they believe your business is violating the anti-gouging laws. The best way to avoid fines is to:

  • Avoid raising rental rates during a state of emergency until you consult with an attorney first.
  • Pause automatic rental increases on existing customers during the state of emergency.

Potentially worse than government fines is the reputational damage your company could face if caught breaking price-gouging laws. Such an event could be a PR nightmare for your company and erode the trust you’ve worked hard to build with your tenants.

Navigating Anti-Gouging Laws

If you want to avoid such a predicament, be very cautious about raising rates during a state of emergency. A slight miscalculation could end up being a costly mistake in terms of fines and lost business due to negative publicity. Avoid this major financial risk by consulting with your legal counsel before you raise storage rents.

4 Keys to Increasing Tenant Insurance Coverage

Boosting the number of tenants with insurance coverage is first and foremost about protecting the reputation of your self-storage facility. 

For example, If an unexpected event damages several of your units, tenants without insurance are left without compensation for their stored items. Even though the rental contract makes it clear that you are not responsible, customers will still often put the blame on the facility.

A risk management-based approach seeks to avoid such reputational harms by looking out for your customers’ best interest. By making sure every tenant has coverage, you can protect your business and your customers at the same time. 

But consumers these days are watching their budgets, and some might resist any fees that they see as unnecessary. So how can you overcome this predicament and get more of your tenants enrolled in an insurance plan?

Here’re are four practices to help you close the coverage gap:

1. Require proof of insurance

It may seem like a hassle, but requiring proof of insurance could potentially save you from dealing with bigger problems down the road. If a customer doesn’t want to enroll in the plan you offer, they can provide proof of coverage from their homeowner’s or renter’s policy. 

2. Train your staff

Training your staff to properly explain the benefits of tenant insurance is essential to success. An overly strong sales pitch will likely cause customers to retreat. Instead, make it clear that tenant insurance is required for the rental and everyone gets it. 

Furthermore, tenant insurance often provides better coverage and a lower deductible than some homeowners policies. In some cases a tenant’s deductible may be more than the value of their damaged items when using their own insurance. Being able to explain this value to the customer at the point of sale is something that you must train your staff to do well.

3. Upgrade your website

If you are offering online move-ins on your self-storage website, make sure you can enroll tenants into tenant insurance as part of that process. Getting them to sign up or provide proof at a later time can be a pain in the neck, and will have your employees spending too much of their time trying to chase down tenants for paperwork.

4. Use technology to your advantage

If tenants slip by without providing proof of coverage, this can create a risky situation for you. Using a tenant insurance platform that integrates with your facility management software makes it easier to keep track of each tenant’s coverage status and find those that aren’t complying with your policy.

Take steps to boost enrollment now

The bottom line is, the more renters you can enroll into a tenant insurance or protection plan, the better insulated you’ll be from any blowback that might occur in the event of a cataclysmic event. Use the tips above to help you close the tenant coverage gap.

The Importance of Cybersecurity Training for Self-Storage Teams

An estimated 30,000 websites are hacked each day. Don’t let your facility website be one of them.

In 2021, businesses experienced a 50 percent increase in the number of cyberattacks each week compared to 2020. Security experts warn that the rate and sophistication of such attacks are expected to rise.

As self-storage operators increasingly move towards online rentals, they are becoming more and more of a target for cyber attacks. Such attacks can compromise customer data and the damage can cost operators thousands of dollars to repair. Some attacks use a type of computer virus called ransomware to take control of your machine and hold it for ransom. Needless to say, any kind of cyberattack is bad for your business.

Identifying Cyberattacks

Most cyberattacks succeed due to a lapse in human judgment. For example, “spearphishing” attacks involve sending a personalized message to a target that imitates a genuine communication from a trusted source. Such messages commonly encourage the victim to click on a link. This often leads to the log-in screen of a spoofed website (of a bank or software service for example), where the victim types in their username and password.

Falling victim to an attack like the one described above can be detrimental to your business. Once a hacker gains credentials to one of your accounts, it is very often a matter of time before they can infiltrate others. This is the primary reason why it is never a good idea to use the same password for multiple accounts.

Aside from adhering to secure password protocols, the best way to prevent attacks is by training your self-storage staff to identify them.

Why Your Storage Facility Needs Cybersecurity Training

Your front office staff is often the first, and last, line of defense against cyberattacks. Without proper training, it is easy to be duped by spearphishing and other types of attacks that use social engineering

In the example provided in the previous section, a trained employee would hover over the link before clicking it to read the URL. They would then immediately notice that the web address is suspicious and not click through. The employee would flag the message as suspicious and report it, and potentially save you thousands of dollars and days of stress as a result

Spoofed websites are made to look real, but the URL will not be the same as the legitimate site. For example you might get a message claiming to be from LinkedIn that your password needs to be reset. You click on the URL and see that it starts with “linked-in.com” instead of the correct spelling. That is a sure sign you just landed on a suspicious website that is trying to steal your information.

Spotting phishing attempts isn’t so hard, once you learn what to look for. This is why requiring all employees to complete at least one cybersecurity training session each year is strongly recommended. 

Putting Cybersecurity Training into Practice

The more cybersecurity training you can give to your employees the better protected your operation will be. Training can be conducted online, with different companies providing educational platforms to businesses. Training consists of different modules, or lessons, that take place through a series of slides, vidoes, quizzes and interactive scenarios.

You can also set up occasional phishing tests to see how your employees respond to a simulated attack. If they fall for such tests, it is a sign you need to step up their training.

A good place to start is Google’s free phishing simulator. Here you can test your skills separating malicious email messages from safe ones.

Below are some more resources for cybersecurity training worth considering: