Do YOU Know How to Protect Your Salon from Hackers?
A cyber-attack is one of those things you might not think about…until it happens to you. But if hackers and phishers (criminals who use emails appearing to come from legit sources) break into your salon’s accounts, they could not only gain access to all of YOUR personal information, they might also be able to access the personal information (think identifying data or credit card numbers) of your employees and clients.
To avoid a potentially disastrous situation and hefty legal fines, it’s better to be safe than sorry. So we’ll start with the reality: 60 percent of online attacks hit small and medium-sized businesses (read: your salon). And because your salon stores confidential information like client lists, customer databases and financial details—which are highly prized assets for criminals—you could be at a greater risk than most. To keep you safe, we talked to our friends at Millennium Systems, NuStylist and SalonBiz, and they gave us their best advice on how to protect yourself now—plus, what to do if you’ve already been hit.
Lock it up
Avoid using shared computer accounts, and make sure the computer is locked when you step away. If your salon is required to use a shared computer account, the computer should at least be locked when no one is at the computer. It should also be configured to automatically lock when it’s inactive for a certain amount of time in case an employee forgets to lock it.
Back it up
Frequently back up data off site (either in the cloud or in a physical location). This can be as simple as a USB key or drive that you keep at home and bring in weekly to update. Rotate between at least two so that if you discover the day after you’ve made your copies that they have been encrypted by malware, you still have the previous week’s copies. Don’t leave the backup drives connected all the time, because if malware does make it onto your computer, it will likely infect them too.
Avoid saving passwords in your browser
If the computer is compromised, the attacker might be able to find out what your saved passwords are and log into your accounts. Also, don’t leave pieces of paper with your password lying around. No sticky notes with passwords at front desks!
Educate your employees on good security practices
Even if you have an updated antivirus/antimalware and your software is all up to date, that won’t stop an employee from replying to a phishing email or phone call and doesn’t always prevent malicious software from being installed.
Let’s talk about passwords
Make sure to use strong passwords (at least 15 characters long) that aren’t used anywhere else for your WIFI, computers, software systems, email accounts and all other important accounts containing sensitive information. It’s a good idea to update these frequently (every three to six months) or whenever staff in your salon changes—the last thing you want is a disgruntled ex-staff member with access to your salon’s Instagram account. Also, never leave your WIFI open or unprotected. Need help creating a strong password? Use sites like this one to come up with something that’s difficult to hack.
Consider investing in a business-specific router. A small business router is preferable to a $30 router off the shelf. Business routers are harder to modify but offer more security and protection.
If something seems suspicious, it probably is
For example, says former Unit Chief of the FBI’s Cyber Division Don Codling, “Three things banks do extraordinarily well all over the world? They know who you are, they know how much of your money they have and they know how much money you owe them. They will never ever call you and say ‘Can you give us your social security number?’ ‘Can you give us your account number?’ That never happens.” And p.s.— no good ever came from someone saying: “I thought it might be a scam, but I wanted to see what happened.”
Have a separate WIFI network for guests to use
And make sure it’s not linked to your business WIFI network. Guests should never have access to your business WIFI. Many routers now make a separate guest network easy to set up.
Keep software up to date
Your operating system, your virus protection software, your salon software…it’s very important you keep all of these up to date with the latest versions. Hackers are constantly exploiting holes in software to gain access, so having the latest version means you keep those holes closed.
Don’t open email attachments from people you don’t know
You should even be suspicious if you’re not expecting an email attachment from someone you do know. Also, “Don’t use your computer that you have your POS software running on to look at Facebook or cat videos,” says Don.
On that note, never install any software you don’t know or trust. This is especially true if you receive emails with links to install software you don’t recognize. Most phishing occurs via email that asks you to install malicious software or provide personal information. Trusted software platforms will never ask you to do this.
Many software platforms today offer “two-factor” authentication, which requires a user to provide two pieces of evidence before logging in. A common example of this is when you receive a text message with a code to enter once you have logged in with your email and password. It’s a good idea to see if your software platform offers two-factor authentication and, if so, to set it up.
Protect personal information
Review Cyber-Security Insurance options with your insurance provider
They may be able to offer you a cost-effective package that would help offset costs in case something happens. Consider it as you would Business Interruption insurance.