How to combat cyberthreats
Cybercrime can wreak financial and reputational damage on businesses, so protecting your data from hackers is crucial. Expert Mark Walling shares how to safeguard your salon.
While the perception is that smaller businesses are at less risk of cyberattacks, the reality is quite different. According to the latest Government Cyber Security Breaches Survey, 39% of all UK businesses reported cyber breaches in the last year – and those were just the ones reported.
Another statistic from the report showed that 90% of all successful data breaches involve phishing attacks – where an email containing a malicious link is sent to the business. In fact, 12% of users who opened a phishing email went on to click on the harmful link.
What’s more, even if you have your default security mechanisms set up correctly, a third of all phishing emails still get past these. So, technology alone isn’t enough to safeguard your business.
Why might you be targeted?
Cybercriminals have many different motivations and ways to get hold of salon data or damage beauty businesses.
These potential threats include:
• Infecting systems with malware (ransomware) – software specifically designed to disrupt, damage and gain unauthorised access to computer systems.
• Using social engineering – the use of deception to manipulate employees into divulging confidential and personal information that will be used for fraudulent purposes.
• Exploiting vulnerabilities – weaknesses in a system can be exploited by an attacker. Vulnerabilities exist within all systems and software. The challenge is ensuring systems are constantly up to date and that vulnerabilities are identified and remediated quickly to ensure risks are mitigated and the attack surface reduced.
• Overloading with DDoS (distributed denial of service) – hackers use multiple systems to flood and target the bandwidth and resources of systems. The website and systems receive so many requests that they are unable to deliver a response and either fail completely or just stop responding to any legitimate requests.
The potential risks
The damage caused by a successful cyberattack can range from a minor inconvenience to a major financial loss but, even with a relatively minor breach, the risks can be significant. In addition to potential financial losses, a business can be subject to regulatory fines resulting from loss of corporate or client data, declines in productivity, downtime and remediation costs, and damage to company reputation.
Typically, salons tend to be smaller businesses that don’t have a team of IT experts in house or a large IT security budget to spend on external help and advice.
Inevitably, lack of expertise and resources leads many salons to ignore the problem and hope that they will go under the radar of potential hackers. Unfortunately, the nature of phishing attacks is that they are large-scale, indiscriminate and rarely targeted at a specific business. So, any personal or business email is a potential target. According to IBM’s Cyber Security Intelligence Index Report, human error is the main cause of 95% of cyber security breaches – in other words, had human error not been a factor, the chances are that 19 out of 20 breaches analysed in the study would not have happened at all.
Case study: FHT
The Federation of Holistic Therapists (FHT), the professional association for complementary, holistic beauty and sports therapists, was so concerned about the cyber threat to its members’ businesses that it has taken action to help.
In partnership with its long-term IT support provider, PT Solutions, the FHT put in place a set of relatively inexpensive solutions to help protect its member businesses. PT Solutions created an educational and cyber security programme for FHT members, delivering benefits included within membership, such as a free allocation of support time, cyber security improvements and awareness, checks on their vulnerabilities on the open internet, IT policies, annual CPD (continuing professional development) points, and insurance benefits.
It’s important to note that cyber vulnerabilities extend to any connected device, including tablets and mobile phones, so these are also protected under the FHT cyber security initiative.
Members are also able to buy additional blocks of support time at discounted rates, which can be used to provide security or general IT support. There is also a remote staff training programme which allows FHT members to protect their business from a wider range of threats than any single technical solution could – and can potentially empower their members’ workforce to actively look out for and report new threats they may encounter.
Cyber Essentials
The FHT is supporting the Government-backed Cyber Essentials certification scheme and encouraging members to become certified. At its most basic level, Cyber Essentials helps organisations protect themselves against common online threats such as phishing, hacking and password guessing.
Action is needed to provide a basic level of protection, through technology and education, as these will protect salons against many cyber threats at a relatively low cost. Engagement with Cyber Essentials certification is a good starting point for any salon or spa.
Mark Walling is chief executive of PT Solutions, a company that specialises in IT support for small and medium-sized businesses including salons and spas.