Did the recent NHS cyber-attack make you feel a little anxious?
It should have done, as it highlighted the exposure of your salon business online and the need for better cyber-security.
If you’re thinking, “Yes, but we’re a beauty salon and no-one is going to bother to hack us”, think again.
It’s not just the corporate giants that are attacked or defrauded online…
Hacked hair salon pays ransom to cyber-attacker to recover data
Multi-award winning hair salon, Stuart Holmes in Cheltenham, was the victim of a malicious online cyber attack in June 2016.
Owners Sara and Stuart Holmes told local media, “The hackers have taken from us our entire appointment data and that includes all our client appointments for the rest of the year.
“We have no idea at all which clients are booked in for what services on what date. We have between 100 to 150 clients a day being looked after by our team of stylists and they have been arriving at reception and we have no records.”
The salon, which has a team of nearly 50, was unable to email, text or call clients as the hackers had taken all their contact details.
The hackers demanded a ransom of £1,600 worth of bitcoins for the return of the data which Sara Holmes had to pay, although the police advised her not to, as the hackers had brought the salon to a standstill. Overall she said the attack had cost the business thousands of pounds.
Thank goodness we’re back to normal now! ITV Westcountry on our recent cyber attack https://t.co/gRBEwmqqG5 #’Cheltenham
— Stuart Holmes Salon (@Stuart_Holmes) 29 June 2016
Not a one-off salon cyber attack
Scottish salon Ellen Conlin Hair & Beauty also confirmed it paid a €1,000 ransom after its software management system was hacked earlier this year.
The hackers locked the software leaving the salon unable to access appointments, salary and commissions, stock control and client histories.
The salon owner felt he had no choice but to pay the ransom as the future of his business was in jeopardy. Even then when the data was unlocked future appointments were found to be deleted.
Sloppy online security can devastate your salon or spa
And it isn’t just cyber-attacks that make your business vulnerable.
Lax admin arrangements, sloppy housekeeping and a lack of understanding leave your salon or spa business wide open to abuse.
Did you know that employees opening email attachments they believe are from trusted sources is one of the biggest ways hackers gain access?
Think about it. You’re cautious with your personal online security but when it comes to protecting your hair or beauty business you need to be even more organised to prevent cyber fraud or attack.
It’s not just hackers who pose a threat to your hair or beauty business
With team members constantly accessing your booking software, social channels, website, email account and possibly even the business bank account you need to be vigilant.
You don’t want your client database copied by a departing employee.
Or your social media used by a disgruntled team member.
In this blog post I’ll show you:
- How to create strong passwords.
- Robust systems and policies in place to protect your salon business.
- A mega helpful website packed with personal and business online security advice.
Are your passwords leaving your salon or spa data exposed?
If you use any of these passwords for your salon booking system, e-mail accounts, website access or social media accounts then you need to think again.
Security experts say these are some of the most popular passwords used and they are a hacker’s dream.
How to create a strong password for your hair & beauty business
Avoid these when deciding on your salon password:
- names generally, and especially your surname or salon business name.
- number sequences like 1234 or 1111 or 2468
- information it’s easy for criminals to discover on social or online:
- your birthday or birth year
- pet, children or parents’ names
- variations on your private or business address
- your favourite football club or other hobbies.
- your place of birth.
- changing letters to numbers (A to 4,E to 3 and i to 1). These combinations are well-known to fraudsters. P4ssword is a classic.
Instead follow these guidelines:
- Select salon passwords with at least 8 characters. If the login allows you to use more then do so, as longer passwords are harder for criminals to hack or guess.
- Use a combination of upper and lower case letters, numbers and keyboard symbols such as @ # ! £ % > & * + ?
- Consider using a password creator like Norton Password Generator or Strong Password Generator.
Set up robust salon systems to guard your data
You run a busy success business, so clearly trusted team members need to know passwords and access your online marketing and business tools. But this does make you more susceptible to cyber-fraud or hacking.
Your team need to understand the security risks and how to minimise them, so set up training, systems and checklists to guide them.
Start by explaining the risks so they understand why it is so important to the salon that they are cautious and follow the right security procedures, whether on or off your business premises.
Set up automatic daily off-site back-ups so you have a copy of your data you can access quickly in an emergency.
Expert guidelines for safeguarding your salon business
Getsafeonline (more on them below) recommends you and your team follow these online security guidelines:
- Don’t enter your password when others can see what you are typing.
- Never disclose salon passwords to anyone else. If this does happen (deliberately or accidently) change them immediately. Don’t take unnecessary security risks.
- Create a different password for each social channel, your website, your salon booking system, online banking etc. Using the same salon password for everything means once a fraudster breaks it they can access everything.
- Avoid recycling passwords (password2, password3).
- Don’t write the password on a sticky note stuck to your computer keyboard. I’ve seen this on salon reception desks where it’s visible to all.
- If you must write passwords down then make sure they are meaningless to other people by substituting the characters in your password with others that you can remember, or easily work out. Alternatively, use an online password vault but check out their credentials carefully first.
- Be wary about opening attachments, especially zip files. Let your team know you’d rather they asked you if they have any doubts.
- Wherever possible set up individual user accounts and passwords with appropriate access levels. Ask yourself what level access staff really need to do their job. Don’t invite trouble from disenchanted departing employees who may be tempted to copy your client database and contact your customers.
- Be careful when disposing of old computers, smartphones and laptops as they contain vast amounts of personal and business data. Wipe the data then physically destroy the SIM card (if you’re not using it on your new mobile device) or the hard drive of your old computer.
Define salon online security policies in your Staff Handbook
Reinforce this team training by clearly setting out what is acceptable online, and what is not, in your salon or spa Staff Handbook.
Things to cover include the use of your salon:
- Salon booking system
- Client database
- Password security
- e-mail accounts
- Social media
- Accessing the Internet
- Your salon monitoring policy
If you haven’t found that elusive 5 minutes to write a Staff handbook, let alone add a section on online security and good practice, then help is at hand. If you are a Member of the National Hairdressers’ Federation (NHF) you can get their Staff Handbook as part of their free Contract of Employment package. The Federation work with both beauty and hair businesses (despite their name) so if you run a spa or aesthetics clinic they will support you.
If drawing up your own then always take professional legal advice as we all know Employment Law is a minefield.
Useful resource to protect your hair or beauty business
Finally, if you’re interested in learning more Get Safe Online is a public/private sector partnership supported by HM Government and leading organisations in banking, retail, internet security and other sectors. It’s packed with helpful articles and practical advice to keep you and your business safe online. I’d thoroughly recommend it.