Don Sedlacek, Vice President of Claims, MiniCo Insurance Agency, LLC
Look Who’s Talking
What do Yahoo, Adult Friend Finder, eBay, Equifax, Heartland Payment Systems, and Target all have in common? They all secured a top spot on a list of the largest (or most significant) data breaches of the 21st century.
According to CSO from IDG
Communications, Inc., which provides news, analysis, and research on security
and risk management, in October of 2017, Yahoo acknowledged that all three
billion of its user accounts had been compromised in a 2013 data breach.
In October of 2016, hackers exploited
a vulnerability in Adult Friend Finder’s security and collected 20 years of
data on six databases, thus impacting 412.2 million accounts.
eBay’s database was hacked in May
2014, exposing information about all of its 145 million users.
Personal data (including Social
Security numbers) of 145 million people was stolen from Equifax, one of the largest
credit bureaus, in July 2017.
In March 2008, 134 million credit
cards were exposed through an SQL injection that installed spyware on Heartland
Payment System’s data systems. At the time of the breach, the company was
processing 100 million payment card transactions per month for 175,000
merchants, mostly small- to mid-sized retailers.
Last but not least, Target’s data
breach in 2013 compromised the personal identifying information of
approximately 110 million customers. The company recently estimated the cost of
the breach at $162 million.
Is Self-Storage Safe?
While the data breaches mentioned above all involve large, nationwide companies, self-storage businesses are not immune to cyberattacks. In fact, as self-storage facilities continue to offer their customers more internet-based services and options, such as online reservations, online payments, and customer portals, their vulnerability to cybercrimes increases.
Besides a facility’s computer system and security system, which nowadays
are typically connected to the web, there are countless Internet of Things
(IoT) devices that hackers could infiltrate in order to steal private
information. An IoT device is defined as any
nonstandard computing device that connects
wirelessly to a network and has the ability to transmit data. Therefore,
the smart TVs in a self-storage facility’s conference room and/or office aren’t
off limits to cybercriminals. Likewise, smart locks and smart garage door
openers could be hacked. Essentially, the more IoT devices that are utilized,
the greater the risk. And the unsettling reality is that hackers find and
exploit weaknesses, so it’s imperative to protect yourself from cyber
Although self-storage may not seem like a hacker’s usual target, Don
Sedlacek, vice president of claims for MiniCo Insurance Agency, LLC, reminds owners
and operators that rental agreements may contain sensitive personal
information. Similar to hard copies of rental agreements, which are to be kept in
locking file cabinets, self-storage facilities must be diligent about
protecting the personal identifying information that is stored within their
computer systems and/or cloud storage sites and maintaining security through
frequent system checks and scans. Of course, any issues or potential problems
should be fixed immediately.
“There is a need for cyber liability protection,” says Sedlacek.
“The exposure may not be as great for self-storage, but the need is there.”
The Costs Of Cybercrimes
Obviously, the greater the number of customers’ records that are lost, stolen, or exposed, the more it will cost to remediate. Research by the Ponemon Institute, through its 2016 Cost of Data Breach Study, estimated the average cost of a data breach to be over $7 million.
Sedlacek notes that there are several requirements companies must
meet in the event of a data breach, all of which come at a price. For starters,
a business must make repairs to its system to prevent more damage from being
done. Unfortunately, additional issues may be detected when repairs are
happening. Recovering and restoring missing data also takes time (aka money). Tech
support and faulty equipment replacements are just two of the costs that fall
into the system repairs category. Companies may also need to hire a
professional to investigate the data breach or cybercrime in an effort to hold
the cybercriminal responsible for the damage.
Another loss to consider is the impact of business disruption. Managers
may not be able to accept new tenants or sell retail items if the self-storage facility’s
management software is unavailable due to repairs, and rental payments may be
left unprocessed as well. It is even possible that the facility may need to
remain closed until the problems are resolved, especially if the site’s access
control system was jeopardized.
Then there are the costs associated
with notifying the individuals affected by the data breach, providing credit
monitoring, repairing individuals’ credit scores and/or identities, and dealing
with possible lawsuits. There may be fines as well. Data breaches can attract fines from the Federal Communications
Commission, Federal Trade Commission, Health and Human Services, the Payment
Card Industry Data Security Standard, and other regulatory agencies.
“Legal expenses can escalate quickly,” says Sedlacek, adding that
sometimes an expert or attorney must be hired to restore an individual’s credit
or identity. “It doesn’t change overnight,” he says. Personally, Sedlacek knows
of individuals whose lives were so disrupted from data breaches and identity
theft that they had to obtain new Social Security numbers to start over with a
What’s more, data breaches impact a company’s brand and
reputation. Before the dust begins to settle, many companies spend top dollar
to combat negative publicity, mitigate damage, and prevent a loss of customers.
This usually involves hiring a public relations firm or PR specialist to deal
with the media and handle the flood of phone calls.
Cover Your Assets
In response to the ever-increasing number and types of cybercrimes, insurance companies have begun offering cyber liability coverages. These new policies address various kinds of exposures to protect policyholders.
First-party coverage provides protection for business
interruption, crisis management, extortion/threat, and privacy and generally covers
expenses incurred by the self-storage facility such as customer notification,
credit monitoring, credit and identity repair, and computer and legal forensic
Third-party liability coverage is another option. It covers
security (failure of network security to prevent hacking or the transmission of
computer viruses); privacy (failure to protect confidential or private
information); media/content such as copyright infringement, libel, slander, and
other forms of disparagement; and regulatory actions brought by state and/or
federal agencies to enforce privacy regulations.
“If you haven’t already thought about it, or discussed it, do it
now,” says Sedlacek, who advises self-storage operators to reach out to their
insurance agents. “Contact your agent to discuss it.”
Up Your Game!
When it comes to protecting the sensitive information of your company and its customers, remember this sensible adage: An ounce of prevention is worth a pound of cure. As the businesses on the data breach list can surely attest, their money and efforts would have been better spent on security measures to prevent the data breaches from happening.
With that being said, take the time to make cyber security a
priority at your self-storage facility. In addition to cyber liability
coverage, here are some basic ways to prevent cybercrimes from damaging your
Use websites with secure connections; look for
the green padlock symbol.
Utilize payment vendors and facility software that
have earned Payment Card Industry Data Security Standards (PCI-DSS)
Review the agreements and/or contracts of online third-party vendors to ensure
that they contain a Hold Harmless clause in reference to data breach.
Follow smart password protocols such as creating
strong passwords and changing them frequently.
Regularly back up your data and store the
backup(s) at a secure location off site.
Purchase trusted security/anti-virus software
and run scans/checks on a regular basis.
Purchase data encryption software.
Hire a professional to evaluate your business’
network and correct potential issues.
Sadly, cybercrimes will continue to derail businesses and their customers as the internet becomes a more prominent part of our lives. Therefore, it’s best not to leave your cyber security to chance. Create a comprehensive plan that utilizes both prevention and protection. Your independent agent can be a critical source in navigating the challenges related to this complex and potential costly exposure. Work with your agent to review your various cyber exposures and obtain the proper coverage.
Top Five Risks For Mid-Sized Companies
Erica Shatzer is the editor of Mini-Storage
Messenger, Self-Storage Now!, and