Hi Colleen,
Security is a huge concern for everyone when it comes to the Internet. As far as guarantees, there are none - just ask Hannaford Brothers Company (http://www.nytimes.com/2008/03/23/us...rssnyt&emc=rss). Web security probably deserves a thread by itself.

Here is the main consideration before you have that next talk with your owner: What is the perceived benefit for your company? I would suggest that nearly every self storage property would benefit from some exposure on the Internet. For some folks, it might simply be for advertising. For others, it's meeting the needs of tenants who are requesting on-line account access. Still others would like management and analysis capability. Zeroing in on your needs helps you determine how much you would like to leverage the Internet, which identifies the risk you're willing to assume and how concerned about security you need to be.

On opposing ends of the spectrum might be advertising on your website (virtually no risk) to real-time account and management access (higher risk).

When vendors design access to management software from the Internet most will take security very seriously. Let's look at a couple hypothetical scenarios for using the Internet with your business and discuss the security implications:


A. Your company accesses the web and uses email, surfs the Net, etc. but doesn't explicitly involve management software for your property.

Typical security is needed: anti-virus software, spam filters, etc. Your computer could be compromised and someone could monitor your usage. Since there is a low-level of sensitive information the risk is relatively low.

Your company's exposure is about as attractive as a 60 watt bulb viewed from across the street.

B. Your company implements a web-enabled tool that directly involves your management software. Tenants can make on-line payments and view their account status.

Above-average security is needed: tools like this probably mean you're running a web-server which allows the entire Internet to see your business. The tool must protect the data behind the web-server. It also must encrypt all traffic so that your tenants are protected when they enter credit card numbers, etc. The good news is that this type of security is becoming a commodity as many business "place their shingle" on the web. It's relatively cheap to purchase, implement and maintain a web sever.

On-line account access means each tenant requires a unique username and password. They can only access their own information so a hacker would need to guess multiple sets of credentials.

Additionally, the amount of data available is limited to the number of properties managed at this office so a would-be hacker is targeting a few hundred account numbers.

You company's exposure could be compared to a flashing neon sign viewed from across the street.

C. Your company implements a web-based tool that moves all of your management capacity to the vendor's website. You can access your property's information from any computer in the world.

High security is needed: in this case, your company has some of the same responsibilities as described in (A) but it doesn't stop there. The vendor's site has much greater responsibility for securing your data. The cost for maintaining this security will be reflected each month in your service fee for using the software.

On-line management access means a hacked account will have access not just to a single account at a time but all accounts as well as the various aspects of managing and analyzing your business.

Because data for many facilities is stored with the same vendor, a would-be hacker is now targeting tens-of-thousands of account numbers.

Your company's exposure (relative to the options above) could be compared to driving down the Las Vegas Strip.

Making a decision about how to leverage the Internet is no different than most things in life - the more rewards received, the greater the responsibility. As stated, all reputable vendors will take these concerns about security very, very seriously. A web-based vendor knows that their site has a large bullseye painted on it. Maybe not as big as Hannaford Brothers, but as large as any in the self-storage industry. These vendors should take the appropriate steps to secure their sites, protect against breaches and notify clients of any suspicious activity if it occurs. They can spread the costs for doing these things across all of their clients. Web-based tools, on the other hand, place the burden of security on the individual property. You are responsible for protecting just yourself which allows more granular decision-making and greater flexibility. There are too many variables to guess which costs more.

So ultimately, security comes down to identifying how you need to (or how you want to) use the Internet. Once you know that, you can begin to assess how much risk you're willing to accept, identify the costs for making sure your business is protected, and create a roadmap for implementing your solution. I wish you the best of luck as you investigate further.