A Self-Storage Operator’s Guide to Cyberattacks

More self-storage operators are online than ever before, and in the last few years, many have increased their reliance on digital services. Some are incorporating technology for the first time.

For those increasing their online capabilities, the benefits are immense. With better communication tools, access to leads, automated workflows and the ability to rent units any time of day or night with a facility website, operators are using technology to run more efficient and more profitable businesses.  

But at the same time, they are dealing with more cyberattacks. As the rate and sophistication of attacks grew dramatically during the pandemic, it’s likely that some operators were unprepared for the rising tide of cyberthreats.

But we’re in the business of helping operators run their businesses better, so let’s look at which types of cyberattacks can occur. 

Ransomware attacks

A ransomware attack is a form of cyber extortion in which a malicious actor encrypts your data and holds it for ransom. Attackers install malware on your system that enables them to take control of computers connected to your network. In order to regain access to your systems and decrypt your data, you must pay a certain amount of money to the attackers. 

Ransoms typically start at $5,000 and can go up to six figures. According to a 2021 survey from security firm Sophos, the average ransom paid in 2021 was $170,404. Total recovery costs are much greater, ranging from around $760,000 in 2020 to $1.85 million last year. 

How do you prevent ransomware attacks?

Ransomware is typically delivered unbeknownst to the user through phishing emails or malicious websites. As it only takes a click on the wrong link, training employees to spot fraud is your first and best line of defense.

Once the code is executed on the target device, a hidden link between your network and the hacker is established. An attacker might wait a few days, or even months before activating the attack. In the meantime, the program will continue to scan your systems in search of data to encrypt and steal. 

Regularly monitoring your systems can help detect ransomware attacks before they are activated. Unusual activity on your computer such as missing files and slow processing are all signs of ransomware and other types of malware. If your employees notice such problems, contact a professional right away to check your defenses and sniff out any malware on your system.

How should you respond during a ransomware attack?

Once you realize you are the victim of a ransomware attack you have a choice to make: pay the ransom or start the recovery process. Paying the ransom may seem like the simplest solution, but it may not be the best one.

”Ultimately, whether an organization decides to pay a ransom or not is a business decision. It is important to plan for this in advance and be certain to consider potential legal ramifications of paying a ransom. Also, understand that paying a ransom doesn’t always result in a faster or cheaper solution,” said Mark Baldwin, director of information security at Storable.

Keep in mind that you likely will not recover all of your data after paying a ransom. Organizations on average recovered only 65% of their original data, and only 8% achieved a complete recovery after paying off cybercriminals, according to Sophos.

“If you do decide to pay a ransom, it is imperative that you remediate the vulnerabilities used by the attackers, or else you may find yourself in the same situation again in the future,” Baldwin said.

The better option is to be well-prepared for ransomware attacks by having a solid response and recovery plan in place. Operators that regularly backup their data securely will not be tempted to pay a ransom.

Cyber tip: Have your security team create a “honeypot” on your network. This is a data directory that looks important but is never actually used for anything. If it is ever accessed, then you know your system has been compromised.

Spearphishing attacks

Spearphishing is a more refined and targeted version of the phishing schemes you are likely already familiar with. Traditional phishing attacks involve sending a massive number of fraudulent messages to a large number of potential victims, knowing that a handful will fall for it.

Spearphishing on the other hand, involves targeting specific organizations and users. Such fraudulent messages will often address the victim by name and include additional personal information. The messages are typically crafted so that they appear to be from a legitimate and trusted source such as a service provider the individual does business with or even a senior member of an organization.

Both types of phishing attacks share the same goals: to trick the victim into providing private information such as a username and password and/or to infiltrate your network. Spearphishing may be used to initiate a ransomware or cryptomining attack as well.

How do you prevent spearphishing attacks?

While spearphishing messages may appear legitimate at first glance, there are usually tell-tale signs that a link or file might be malicious. The best way to prevent your storage facility from falling victim to a spearphishing attempt is to train your staff to identify these red flags. You can also test your employees regularly with simulated phishing attempts sent to their inbox. 

Cyber tip: Google offers a free phishing quiz to get you started.

In addition to training your staff to spot spearphishing, choose a reputable email vendor. Microsoft and Google have robust scanning and filtering capabilities, and both companies do a decent job keeping malicious emails from ever hitting your inbox. Adding additional plug-ins, such as the Phish Alert from KnowBe4, can enable your staff to easily report suspected phishing to your security team.

Another way to lower your risk of being spearphished is to use a registered email service such as RMail, which encrypts your ingoing and outgoing messages and tracks them to create an extra layer of security. RMail integrates with Sitelink management software to make sending and receiving messages with tenants safer for both parties.

How should you respond to a spearphishing attack?

You or an employee might not realize a spearphishing attack is underway until it is too late. As soon as a spearphishing attack has been noticed, take the following steps immediately:

• Change any passwords that may have been compromised, as well as any similar passwords immediately. 
• If any credit card information was submitted to a fake website, cancel the card and report the breach to your issuer.
• Monitor your email account carefully to make sure that your contacts have not been hijacked and your account is being used to send more phishing emails.
• Contact the impersonated party and let them know their identity is being misused.
• Scan for viruses and have security professionals further check for any malware 

Cryptomining attacks

Also known as cryptojacking, this type of attack involves putting malware on your network that uses your computing power to mine Bitcoin and other cryptocurrencies for the perpetrator. This can cause your CPU usage and energy usage to surge, and slow down your ability to operate. 

Cryptojackings are growing in prevalence, as hackers reportedly are now favoring them over ransomware attacks. Because cryptomining on a network can go undetected for months, it can be more lucrative than ransomware attacks—especially as more organizations refuse to pay up. There is also less of a chance that the attacker will get caught as authorities have cracked down hard on ransomware hacker groups in recent years.

How do you prevent cryptomining attacks?

Most cryptojacking takes place through execution of JavaScript code. It’s best to use a safe web browser that blocks cryptomining such as Mozilla Firefox, Opera or Microsoft Edge. Google has banned cryptomining extensions in an effort to clamp down on attacks as well. Whichever browser you use, disabling JavaScript will help protect you from getting hijacked. Using an ad blocker and reputable endpoint protection software will also cut down your risk.

How should you respond to a cryptomining attack?

Cryptomining malware is designed to stay hidden, so how do you even know your computers are compromised?

The first red flag that you have been cryptojacked is a sudden reduction in computing performance. If you get a surge in complaints from facility managers about slow computers, it’stime to start investigating. Otherwise, continuously monitor activity on your network and cloud services for anything out of the ordinary.

Once you realize that your network is infected with cryptomining malware you’ll need to follow your cyber incident response plan and begin the process of containment, eradication and recovery.

Defending against cyberattacks

Dealing with cyberattacks is inevitable in today’s digital world. That is why it is important to develop your defenses before you get hit with one. There are a few things you can do right away to drastically improve your cyber security:

First, make sure you use a reputable endpoint protection (EPP) solution such as Crowdstrike, Malwarebytes, SentinelOne, or Microsoft Defender for Endpoints.  Such tools use advanced ML and behavioral analytics to detect and block malware which will help prevent the threats discussed in this article.

Next, make sure that you use multi-factor authentication (MFA) whenever it is available. This is an extra layer of security for logging into accounts. In addition to a password, users must authenticate their identity using a numerical code that is sent to their phone or email. Enabling this feature on any online services where it is available prevents unauthorized access to your accounts.  Along with MFA, make sure you are regularly changing passwords as well.

Finally, set out to create an incident response for your organization. This document will guide your company’s actions should a cyber security incident occur. Having a plan in place will help you better manage the crisis and act quickly to resolve it.