Salon security: is your data safe?
Cyber-crime is at an all-time high, wreaking financial and reputational damage on businesses, which is why protecting your data from hackers has never been more crucial. Mark Walling, chief executive of PT Solutions, shares how to safeguard your salon.
While the perception is that smaller businesses are at less risk of cyber-attacks, the reality is quite different.
According to the latest Government Cyber Security Breaches Survey, 39% of all UK businesses reported cyber breaches in the last year – and those were just the ones reported.
Another key statistic from the report revealed that 90% of all successful data breaches involve phishing attacks – where an email containing a malicious link is sent to your business. In fact, 12% of users who opened a phishing email went on to click on the harmful link.
What’s more, even if you have your default security mechanisms set up correctly, a third of all phishing emails still get past these. So, technology alone isn’t enough to safeguard your business.
Why are cybercriminals targeting your business?
Cybercriminals have many different motivations and ways to get your data or damage your beauty business, including:
- Infecting your systems with malware (ransomware) - malware is software that is specifically designed to disrupt, damage, and gain unauthorised access to your computer systems.
- Using Social Engineering - the use of deception to manipulate your employees into divulging confidential and personal information that will be used for fraudulent purposes.
- Exploiting vulnerabilities - weaknesses in your system can be exploited by an attacker. Vulnerabilities exist within all systems and software. The challenge is ensuring that your systems are constantly up to date and that vulnerabilities are identified and remediated quickly to ensure your risks are mitigated and your attack surface reduced.
- Overloading with DDoS (Denial of Service) - hackers use multiple systems to flood and target the bandwidth and resources of your systems. Your website and systems receive so many requests that they are unable to deliver a response and either fail completely or just stop responding to any legitimate requests.
What are the potential risks of cybercrime?
The damage caused by a successful cyber-attack can range from a minor inconvenience to a major financial loss for your business but, even with a relatively minor breach, the risks can be significant. In addition to potential financial losses a business can be subject to regulatory fines resulting from loss of corporate or client data, declines in productivity, downtime and remediation costs, and damage to company reputation.
How are salons responding to this cyber threat?
Typically, salons tend to be smaller businesses that don’t have a team of IT experts in house and tend not to have large IT security budgets to spend on external help and advice.
Inevitably, lack of expertise and resources leads many salons to ignore the problem and hope that they will go under the radar of potential hackers.
Unfortunately, the nature of phishing attacks is that they are large-scale, indiscriminate, and rarely targeted at a specific business. So, any personal or business email is a potential target.
According IBM’s Cyber Security Intelligence Index Report, human error is the main cause of 95% of cyber security breaches – in other words, had human error not been a factor, the chances are that 19 out of 20 breaches analysed in the study would not have happened at all.
Case study: how the FHT is responding to cyber threats
The Federation of Holistic Therapists (FHT), the professional association for complementary, holistic beauty and sports therapists, was so concerned about the cyber-threat to its members’ businesses that it has taken action to help.
In partnership with its long-term IT support provider, PT Solutions, the FHT put in place a set of relatively inexpensive solutions to help protect its member businesses.
PT Solutions has created an educational and cyber security programme for FHT members, delivering benefits included within membership, including a free allocation of support time, cyber security improvements and awareness, checks on their vulnerabilities on the open internet, IT policies, annual CPD (Continuing Professional Development) points, and insurance benefits.
It is important to note that cyber vulnerabilities extend to any connected device, including tablets and mobile phones, so these are also protected under the FHT cyber security initiative.
Members are also able to buy additional blocks of support time from PT Solutions, at discounted rates, which can be used to provide security or general IT support.
PT Solutions and the FHT are also facilitating a remote staff training programme which allows FHT members to protect their business from a wider range of threats than any single technical solution could – and can potentially empower their members’ workforce to actively look out for and report new threats they may encounter.
Finally, the FHT is fully supporting the Government-backed Cyber Essentials certification scheme and is strongly encouraging its members to become certified.
At its most basic level, Cyber Essentials helps organisations protect themselves against common online threats such as phishing, hacking and password guessing.
PT Solutions will be working to support members through the certification process and through to Cyber Essentials Plus certification, should they wish to engage in this more advanced programme.
Why it's time to engage with the issue of cyber-crime
Action is needed to provide a basic level of protection, through technology, training, and education, as these will protect salons against many of the cyber threats they face at a relatively low cost. Engagement with Cyber Essentials certification is a very good starting point.