Texas Self Storage Association has served its self-storage industry members since 1986.  Headquartered in Round Rock, Texas, TSSA is the leading expert in self storage in the state of Texas.  Whether you're an owner, operator, manager or employee,  TSSA's blog will provide you with the latest tips, advice and knowledge for running your self-storage business. 

A Safe Place
What Your Facility Needs to Ensure Its Safety
by Tracie Seed

Injury. Vandalism. Theft. Drugs. Prostitution. Aggravated assault. Rape. And even murder. While you may think this is a recap of an episode from NCIS, it is actually a list of things that can, and have, happened at self-storage facilities across the country. So how can you keep yourself, your employees and your property safe? It’s a matter of proactively utilizing safety equipment, tailoring business policies to your facility’s needs and taking a common-sense approach to thwart, or even prevent, unsafe or criminal activity. 

SURVEILLANCE

Video systems installed inside and outside the facility, including parking lots, can help monitor suspicious activity from tenants and the public as well as employees. In addition, the video system can record instances of any physical or verbal abuse or harassment towards employees or visitors. If an angry customer denies yelling at and threatening a manager, you will have undeniable proof of the incident. The same is said for an out-of-control manager who treats your customers poorly.

Stanley Crossman, owner of five facilities with the name The Attic Self Storage in Dallas and surrounding areas, says burglary often happens in broad daylight by employees of companies storing items at his facility. “For instance, a guy who worked for a pool company was coming in and stealing things out of his employer’s unit,” he explains. “Once the business owner realized he’d been robbed, it was obvious that it was an inside job, since the lock wasn’t broken.” Crossman states that initially his facility was blamed for the theft, but after reviewing video footage, it was clear that the pool company’s employee was the culprit.

Both Crossman and Michael Postar, owner of 13 facilities in Lubbock and Wolfforth, including Michael Postar’s Affordable Storage and Michael Postar’s A-Plus Super Storage, strongly suggest having one or more cameras as well as monitors in the office to provide a broad scope of the property. Managers can watch the property as a whole and the cameras dissuade both visitors and employees from engaging in criminal behavior. “If something happens, you can pull up various sections of the video and look at the timestamps. You’ll know who has come and gone,” says Crossman. Reviewing video footage on a regular basis will also help you catch undesirable activity early before it gets out of control. Crossman says that if he notices an access code being used more than normal, it is a red flag to check out what’s going on during that time and monitor activity more closely.

Postar has audio recording equipment in his facilities as well as panic buttons under the desks. “We display signs saying that there are cameras on the property and monitors in our office. These act as a deterrent to criminals,” he explains. Postar says that he has used both audio and video footage to protect his staff from aggressive police officers looking for information or wanting to enter a unit without a search warrant. “First thing I tell my employees to do is to call the corporate office and not engage with the police,” Postar says. “Once we get them on the phone, we let the officers know that they are being videoed and audio taped, and that usually calms them down.”

In addition to these safety measures, it’s important for onsite managers and staff to keep their eyes and ears open. Get to know customers. Greet them at their units when they are moving in. Walk the property daily and look for signs of intrusion or questionable items left outside units, in the parking lot or near the dumpster. For example, look for cut locks, drug paraphernalia or lights and sounds coming from a closed unit. Monitoring surveillance footage on a regular basis can help you prevent further crime or uncover the source of criminal behavior.

LIGHTING AND ACCESS

Today’s self-storage customer, especially in the larger markets, expects a tech-based security system. Not only do owners who don’t have a solid system in place risk the occurrence of criminal activity, they also risk losing customers to another facility that has these features in place.

Both Postar and Crossman point to security lighting as an important and necessary feature a facility should have. “Most of the time, people break into a unit at night,” Postar points out. “Ample lighting serves as a deterrent because the last thing criminals want is to be seen.” Crossman uses LED lights, which he sets on a timer from sundown to sunup to illuminate his facilities, focusing on the perimeter and hallways. Crossman says that while the initial investment to replace all his lights with LED bulbs was a bit pricey, he believes it was a worthy investment. “I can’t express enough how much better LED lights are than my old system,” he says. “They are much brighter, and they last longer.” Motion-sensor lighting has the added benefit of turning on the second someone crosses its path. For added protection, install these devices in areas where criminals may try to hide—in bushes, dark alleys, entrances, parking lots and dumpsters. Once exposed by an unexpected illumination, most criminals will immediately leave the scene.

Crossman says a secure gate system is a self-storage facility must. “When I started in the business in 1974, the best gate security system available was a chain link fence with a lock,” he recollects. “Now, gates are automatic and you can prevent people from entering.” In addition to limiting unwanted access, an automated gate system allows for a timestamp on who is entering and exiting the facility. If a tenant comes in several times a day or is coming in late and staying longer than usual, these behaviors are red flags. “You want to know who’s coming and going and how often,” he advises. “Someone might be coming in periodically throughout the day, which means they might be making meth or engaging in prostitution. You’ll need to keep a close eye on them!”

“I also require my tenants to use the round Chateau locks, which are made of hard steel that’s difficult to cut or grind down,” he explains. “Criminals want to quickly clip a lock, grab and go. This type of lock slows them down or they might decide it isn’t worth the risk to try.” As another defense, Postar locks each unused storage unit with regular locks. These locks prevent easy access of empty units to criminals. Also, if any of these locks are cut, this serves as a red flag that someone is trying to break in.

Advanced technology plays a big role in today’s controlled access security options. In late 2018, Janus International announced a new Nokē® Smart Entry System. This system is a Bluetooth electronic lock that allows customers to easily access your facility and their unit all from using a smart device. In addition, the Nokē® Smart Entry System incorporates digital key sharing, where tenants can go into an app on their phone and grant anyone temporary access to their unit. The digital key can be revoked at any time, and an activity log keeps track of exactly when the unit was accessed during the key-sharing time frame.

In addition, the system allows managers to set custom access hours for individuals and grant access to maintenance crews or other staff. There are a number of property management software companies that are fully integrated with the Smart Entry System, including TSSA members Easy Storage Solutions, SiteLink, Storelocal and storEDGE. “Our Smart Entry System offers self-storage facility owners and operators unprecedented levels of security and access control,” says Terry Bagley, President of the Door Entry and Facility Automation division. “The natural next step was to integrate with a wide variety of property management systems, and in doing so, streamline the rental process to allow site managers, as well as customers, the opportunity to interact with their sites and units in an elevated way the industry has never seen before.”
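The gate-log review described in this section (a code used more often than normal, entries outside gate hours, unusually long stays) can be run over exported gate timestamps. The following is an added example, not from the article or any vendor's software; the log format, access codes and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample gate log: ISO timestamp, direction, access code (all invented).
SAMPLE_LOG = """\
2019-03-04T09:05:00 IN 4821
2019-03-04T09:40:00 OUT 4821
2019-03-04T10:15:00 IN 7730
2019-03-04T10:35:00 OUT 7730
2019-03-04T11:10:00 IN 7730
2019-03-04T11:25:00 OUT 7730
2019-03-04T13:00:00 IN 7730
2019-03-04T13:20:00 OUT 7730
2019-03-04T15:45:00 IN 7730
2019-03-04T16:00:00 OUT 7730
2019-03-04T20:30:00 IN 1564
2019-03-05T01:10:00 OUT 1564
"""


def parse(log_text):
    """Yield (timestamp, direction, code) from 'ISO-timestamp IN|OUT code' lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("IN", "OUT"):
            continue  # skip malformed lines rather than guess at their meaning
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def review(log_text, max_entries_per_day=3, max_stay=timedelta(hours=2),
           open_hour=6, late_hour=21):
    """Return {access_code: [flags]} for codes that deserve a closer look.

    Thresholds are assumptions; tune them to the facility's own gate hours.
    """
    flags = defaultdict(set)
    entries = defaultdict(int)  # (code, date) -> number of entries that day
    open_visit = {}             # code -> time of the entry not yet matched by an exit
    for ts, direction, code in sorted(parse(log_text)):
        if ts.hour >= late_hour or ts.hour < open_hour:
            flags[code].add("after-hours")
        if direction == "IN":
            entries[(code, ts.date())] += 1
            if entries[(code, ts.date())] > max_entries_per_day:
                flags[code].add("frequent")
            open_visit[code] = ts
        else:
            start = open_visit.pop(code, None)
            if start is None:
                # Exit with no entry: tailgating in, or a missed keypad read.
                flags[code].add("exit-without-entry")
            elif ts - start > max_stay:
                flags[code].add("long-stay")
    for code in open_visit:
        flags[code].add("no-exit-recorded")  # still on site, or left behind someone
    return {code: sorted(f) for code, f in flags.items()}


if __name__ == "__main__":
    for code, reasons in review(SAMPLE_LOG).items():
        print(code, ", ".join(reasons))
```

A flag is a prompt to pull the matching video footage and walk past the unit, not a conclusion about the tenant.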

POLICIES ON CASH AND GATE HOURS

While you may have your safety devices in place, in order to secure your facility, it is imperative to implement some policies and procedures as well. Postar, like many facility owners and managers, requires staff to keep no more than $200 in accessible cash. “If you have a lot of tenants who pay in cash, you need to make bank deposits on a daily basis to get it off property,” he says. “You don’t want several thousand dollars coming in over the course of a few days and holding onto that in the office.” If it is widely known that you are a cash facility, you are putting yourself at risk.

Rather than being open 24 hours a day, both Crossman’s and Postar’s facilities have set gate access hours. Crossman has a strict 9:00 p.m. lockdown, while Postar’s gates are open from 6:00 a.m. to midnight. “Anything happening after 1:00 a.m. is just trouble. Most break-ins are at 3:00 a.m., right in the middle of the night,” says Postar. While Postar typically gives 24-hour access to a reputable business that needs it, Crossman has a policy to not work with limousine companies and delivery trucks. “If anyone wants in after 9:00 p.m., I have to wake up the manager, who lives onsite,” he explains.

Postar suggests more safety policies to consider. He doesn’t put his staff members' last names on their badges or business cards. In addition, the business cards list several employees’ names on them rather than a specific person. “We don’t want tenants or criminals tracking down our managers via the Internet and finding out where they live,” Postar explains. He also asks his managers to carry cell phones and to make copies of customers’ IDs before showing them a unit. Another option would be to keep a customer’s ID in a locked drawer to be returned to them after a unit tour.

COMMON SENSE

For the general safety of your property, tenants and employees, Crossman says to take a common-sense approach. “Repair driveways as needed and have fire extinguishers throughout the property,” he says. Postar concurs that a clean, well-appointed facility doesn’t attract people of questionable character. Thieves know what to look for in a vulnerable property—a broken fence, neglected repairs or darkened areas. “A nice outside appearance says that you run a reputable facility,” Postar says. “Criminals will want to stay away.”

In addition, if your property is kept up to standards, anything out of sorts will be more readily discovered. If you feel uneasy, both facility owners say that you need to follow your gut and keep calm. “You can get a vibe really quickly if something is wrong and you have to pay attention,” Postar says. “Managers typically know who the regular customers are. If someone new comes in asking strange questions that a regular self-storage customer wouldn’t, like about the facility’s structure or staff’s schedule, that’s a red flag that something is going on.” At this point, quickly end the conversation. Postar says that for this and other safety reasons, it is good to always have a manager and assistant manager on duty, so there is backup if something goes wrong.

Choose what features fit your facility’s needs, implement them and use them to their fullest capability. If you can’t have a gate system, have the best video surveillance you can afford. If your facility is in a high-crime area, up the restrictions on access and add additional motion-sensored lighting. While unexpected safety issues occur on a weekly, even daily, basis, you can be proactive to ensure that your facility is a safe place.


Is Your Data Secure?

Finding Your Way Through the Maze of Cybersecurity

by Jennifer Jones

When it comes to data security, most self-storage owners believe that with basic firewall protection, their data and their tenants' data are secure. Some use third-party systems that have security protections in place when transmitting data. However, most owners believe that they will not be targeted by a cybersecurity attack. But that isn’t just self-storage owners; small-to-medium-sized businesses share the belief that they’re too small for cybercriminals to target them.

According to a study by Ponemon Institute and Keeper Security, “Fifty-eight percent of respondents believe ransomware is a serious financial threat and are concerned that negligent employees put their company at risk, but only half (50 percent) say prevention of such attacks is a priority. Many are not confident that their current anti-virus software will protect their company from ransomware.” The businesses in the study employ between 100 and 1,000 people. Most of the companies that participated in the study experienced a cyberattack or data breach with severe financial consequences, losing an average of 9,350 individual records as a result of a data breach.

TYPES OF ATTACKS

According to the study, cybercriminals varied their methods between 2016 and 2017. “Phishing/social engineering has replaced web-based attacks (48 percent and 43 percent of respondents, respectively) as the most frequent type of attack. Compromised/stolen devices and denial of services attacks increased from last year’s study (30 percent and 26 percent, respectively).”

Ransomware is one of the most common attacks I’ve heard about hitting the self-storage industry. There are two types of ransomware attacks:

  • Encrypting ransomware, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content.
  • Locker ransomware locks the victim out of the operating system, making it impossible to access the desktop, applications or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer.

Ransomware can be unleashed in a variety of ways: phishing/social engineering, insecure or spoofed websites, social media, malvertisements and more.

Cybercriminals typically encrypt your data and hold it ransom, leaving the self-storage owner to ask themselves, “Do I pay or not?”

Among the participants in the study, of those that didn’t have full backups, about 60 percent paid, with the average ransom being $2,157. If they didn’t pay, it was because they had a full backup or didn’t trust that the criminals would release the data.

WHERE ARE YOU VULNERABLE?

According to the study, “data breaches due to negligent employees or contractors (54 percent of respondents) increased significantly from 48 percent in 2016. This is followed by third-party mistakes (43 percent of respondents) and errors in system or operating processes (34 percent of respondents). However, almost one-third of respondents say their companies could not determine what caused the incident.”

The main points of vulnerabilities are mobile/Internet of Things (IoT) devices, laptops, smart phones, cloud systems, Intranet server, Web server, desktops, tablets, portable storage devices and routers.

IoT vulnerabilities include in-office wireless-based printers and other devices. Use of cell phones and tablets to access business-critical applications and IT infrastructure is also a vulnerability.

EASY SECURITY FIXES

Company information isn’t just vulnerable to cybercriminals; it’s also vulnerable to employees and anyone else walking into your facility. There are several things you can do that cost little to no money.

  • Have and enforce a password policy. It’s the easiest and most affordable security measure there is.
  • Ensure that everyone logs out of the computer and locks up any filing cabinets before walking away from the desk.
  • If you have multiple employees, ensure that they all have their own passwords.
  • Install a firewall.
  • Install anti-malware.
  • Back up everything to an external device or to the cloud.

USING A THIRD-PARTY

If you use a third-party solution to take online payments, most have some sort of encryption protection before the sensitive tenant information is sent through the system.

Easy Storage Solutions co-founder Jimmy Sorenson says, “Credit card numbers and social security numbers (if collected by the facility) are encrypted before the data hits our servers.” The Storage Unit software servers have their own security and host through Amazon’s AWS, which is a cloud-based solution.

“Our software also allows for different people to have different access levels so a regional manager can have different access than a store manager.

“We also carry access control products and keypad entry, which integrates with our software. People get excited to be able to offer pay options where a tenant can swipe their credit card at the gate. However, we’ve never done that because people can install skimming devices and it’s another vulnerability, which would create a breach.”

BEST SECURITY PRACTICES

  • Don’t write down credit card or social security numbers and store locally in filing cabinets or on a computer. (Against PCI regulations.)
  • If a lease asks for a credit card, don't include the card numbers on a lease.
  • Don’t store credit card numbers in random places (including in an email), even in your database, if the field isn’t encrypted.
  • Don’t use repeating numbers for gate entry codes (ex: 1111).
  • Don’t browse questionable websites. Some facilities provide tablets for employees to use for browsing.
  • Back up your data to something that is offsite at night. Backing up to a USB drive and leaving it in the computer isn’t a secure backup, and backing up to a hard drive and leaving it in the facility risks it being burned in a fire or stolen during a break-in. The most secure backup is with a third-party service such as Carbonite or Backblaze, which back up your whole computer.
  • Educate employees about not opening questionable emails, clicking on links when they don’t know who an email is from, surfing unknown or questionable sites, or downloading things from unknown origins.
  • Install spamware.
  • Install a firewall.
  • Minimize the amount of personally identifiable information (PII) that is collected from customers to reduce the impact to customers in the event of a data breach (which reduces liability).
  • Use a web-based software to minimize the amount of customer information that is stored locally on a PC.
  • Work towards a paper-free office environment where all paper files are scanned and stored on a secure server.
  • Existing paper files should be kept in locking cabinets.
  • Conduct regular user audits of your systems to ensure that all user access levels are correct and that ex-employees have been removed in a timely manner.
  • Questions you should ask your third-party provider:
      • Are you PCI compliant?
      • Do you encrypt data?
      • Do you use tokenization?
      • Do you offer SSL certification (if the vendor provides your website)?

While some software is sold as Software as a Service (SaaS), some third-party software is installed on your computer. QuikStor Security & Software offers a one-time purchase PC version. “The whole database is password protected, so a criminal would have to hack into the database to capture the tenant information like address, date of birth, etc., but the credit card fields are encrypted,” says April Lee, business development consultant for QuikStor. “The encryption means that a tech agent who can get in and help troubleshoot information on your database wouldn’t be able to see the encrypted information in those fields. We also don’t store credit card information. We use a tokenized system, which means that once the software sends the card number to the credit card processor, the credit card company responds with a token that is specific to that facility and uses that instead.”

While each company will have their own security measures in place, QuikStor has a hybrid of both onsite and cloud-based servers. Even though their physical servers are in an offsite server location, only two people at QuikStor have access to enter where their servers are stored. “Everything is backed up offsite,” says Lee. “We have one server for cloud and one for offsite backup.” The duplication strategies that many technology companies have is so they are able to retrieve data if it’s compromised or if something crashes. Multiple backups and being able to fully restore from a backup is critical for business continuity.

Lee says that during her time with QuikStor as a tech, she talked to customers who had their software on their own computers. However, they didn’t have a backup and didn’t always subscribe to a backup service and then lost the data.

“We do have a feature on our software that logs people out during overnight processing,” says Lee. “So if someone breaks in during the night, they won’t be able to walk over to the computer and easily have access to the data. Except with the basic version of our software, you’re able to create individual passwords so every employee has their own log in. We also have audit reports to monitor and prevent employee theft. You can set the software to rent the oldest unit first to keep employees from taking cash from friends and allowing them to rent units off the books. There are also extensive unit controls so your employees can’t see reports and can customize what an employee can and can’t do.”

SECURITY YOU CAN’T SEE

Criminals continue to use ever-changing methods to make a quick buck. A survey of cybercriminals showed that they are looking for easy “typical” IT security that takes less than 24 hours to access. While we hear about the big data breaches of Uber, Yahoo, Marriott and others, most of the attacks are on regular businesses. But even basic security measures, policies and procedures can help protect your business and data from employee theft, a break-in, natural disaster and cybercriminals.

Jennifer Jones is managing editor of Self-Storage News and owner of JKJ Marketing in Austin.


 

 

 

 

 
