No business large or small is immune to the threat of cyber-crime and the UK hair and beauty sector is no different, you might think ‘We are a beauty salon, or hairdresser or a wellness business and nobody will bother to attack us’ but it’s not just the corporate companies that are affected.
With the National Beauty Federation (NBF) and National Hairdressers’ Federation (NHF) reporting 56% of UK beauty and hair salons having been victims of cyber fraud, it is never safe to assume your business will stay under the radar of online criminals.
Multi award-winning hair salon, Stuart Holmes in Cheltenham was the victim of a ransomware attack and their systems, instead of booting up properly had locked screens containing a ransom note stating that all files were encrypted and a ransom must be paid to get them back. Owners Sara and Stuart Holmes told their local media, ‘The hackers have taken from us our entire appointment data and that includes all our client appointments for the rest of the year.
‘We have no idea at all which clients are booked in for what services on what date. We have between 100 to 150 clients a day being looked after by our team of stylists and they have been arriving at reception and we have no records.’ The salon, which has a team of nearly 50, was unable to email, text or call clients as the hackers had taken all their contact details.
Making some basic but necessary changes could be enough to help deter opportunistic hackers from targeting your salon with a ransomware attack:
PHISHING EMAILS – emails used by criminals to trick recipients into clicking on malicious links or downloading malicious software which contains ransomware, or handing over their login details for popular sites such as Facebook, eBay and PayPal. Such emails can attempt to get personal information such as bank account details by claiming to be an unpaid or overdue invoice from a reputable supplier you work with.
TIP – never open attachments to emails when you don’t recognise the sender. If you receive an email directing you to log in to a service, type in the usual URL you use instead of clicking the link to ensure it’s a reputable site.
Staff awareness and training can also help with this type of approach – if in doubt, delete and ring your supplier using your usual contact details.
If the websites you use for business offer two-factor authentication (known as 2FA), then the National Cyber Security Centre (NEBRC) recommends you switch on that added layer of protection.
TIP: Get into good habits by using strong, unique passwords. Create complex passwords that compromises of three random words. Installing a password manager on your system can help you to store multiple, complex, passwords securely. Creating user-specific passwords and pin-protection for logins will help to protect your salon against cyber threats.
Ensuring your all devices are continually updated with anti-virus and malware software is also a must and there are many reputable and reasonably priced software packages available which are easy to install and update.
If you would like free, impartial, advice on how to make your business or employees more cyber security aware contact the NEBRC team at [email protected] or can follow the latest updates regarding the current threat landscape by signing up for our free core membership – this includes access to helpful resources and additional cyber security information for your business.