While the perception is that smaller businesses are at less risk of cyber-attacks, the reality is quite different. According to the latest Government Cyber Security Breaches Survey, 39% of all UK businesses reported cyber breaches in the last year – and those were just the ones reported. One other figure that should grab salon owners’ attention is that 90% of all successful data breaches involve phishing attacks – where an email containing a malicious link is sent to your business. In fact, 12% of users who opened a phishing email went on to click on the harmful link. And even if you have your default security mechanisms set up correctly, a third of all phishing emails still get past these. So, technology alone isn’t enough to safeguard your business.
What are cybercriminals trying to do to your business?
Cybercriminals have many different motivations and ways to get your data or damage your business, for instance they may:
- Infect your systems with malware (ransomware) – malware is software that is specifically designed to disrupt, damage, and gain unauthorised access to your computer systems.
- Use Social Engineering – the use of deception to manipulate your employees into divulging confidential and personal information that will be used for fraudulent purposes.
- Exploit vulnerabilities – weaknesses in your systems that can be exploited by an attacker. Vulnerabilities exist within all systems and software. The challenge is ensuring that your systems are constantly up to date and that vulnerabilities are identified and remediated quickly to ensure your risks are mitigated and your attack surface reduced.
- Overload with DDoS (Denial of Service) – hackers use multiple systems to flood and target the bandwidth and resources of your systems. Your website and systems receive so many requests that they are unable to deliver a response and either fail completely or just stop responding to any legitimate requests.
What are the potential risks to your business?
The damage caused by a successful cyber-attack can range from a minor inconvenience to a major financial loss. But even with a relatively minor breach, the risks can be significant. In addition to potential financial losses a business can be subject to regulatory fines resulting from loss of corporate or client data, declines in productivity, downtime and remediation costs, and damage to company reputation.
So how are salons responding to this cyber threat?
Typically, salons tend to be smaller businesses that don’t have a team of IT experts in house, and they tend not to have large IT security budgets to spend on external help and advice. Inevitably, the lack of expertise and resources leads many salons to simply ignore the problem and hope that they will go under the radar of potential hackers. Unfortunately, the nature of phishing attacks is that they are large-scale, indiscriminate, and rarely targeted at a specific business. So, any personal or business email is a potential target.
The Federation of Holistic Therapists (FHT), which is the largest professional association for complementary, holistic beauty and sports therapists, was so concerned about the cyber-threat to its member’s businesses that it has taken action to help. In partnership with its long-term IT support provider, PT Solutions, the FHT has put in place a set of practical and relatively inexpensive solutions that go a long way towards protecting its member businesses.
Could the FHT solution be a blueprint for other professional membership organisations?
PT Solutions has created an innovative educational and cyber security programme for FHT members that delivers a range of member benefits included within their membership. These include a free allocation of support time from PT Solutions for each member, cyber security improvements and awareness, checks on their vulnerabilities on the open internet, IT policies, annual CPD (Continuing Professional Development) points, and insurance benefits. It is important to note that cyber vulnerabilities extend to any connected device, including tablets and mobile phones, so these are also protected under the FHT cyber security initiative. Members are also able to buy additional blocks of support time from PT Solutions, at discounted rates, which can be used to provide security or general IT support.
In addition, the FHT and PT Solutions are also addressing the issue that leads to most cyber security breaches. According to a study by IBM, human error is the main cause of 95% of cyber security breaches (IBM Cyber Security Intelligence Index Report) – in other words, had human error not been a factor, the chances are that 19 out of 20 breaches analysed in the study would not have happened at all. So, PT Solutions and the FHT are also facilitating a remote staff training programme which allows FHT members to protect their business from a far wider range of threats than any single technical solution could – and can potentially empower their members’ workforce to actively look out for and report new threats they may encounter.
Finally, the FHT is fully supporting the Government-backed Cyber Essentials certification scheme and is strongly encouraging its members to become certified. At its most basic level, Cyber Essentials helps organisations protect themselves against common online threats such as phishing, hacking and password guessing. PT Solutions will be working to support members through the certification process and through to Cyber Essentials Plus certification, should they wish to engage in this more advanced programme.
It’s time to engage with this issue
Whether your business is a member of the FHT or not, action is needed to provide a basic level of protection, through technology, training, and education, as these will protect salons against the majority of the cyber threats they face at a relatively low cost. Engagement with Cyber Essentials certification is a very good starting point.
FHT Blog 
Leave a reply