Safeguard your spa or massage practice data from cybercrime

Cybercrime may not be your number one concern but as the owner of a spa or massage practice, your business may be a prime target.  Since 2011, cyberattacks focused on small business have been on the rise. Small Business Trends reports that 43 percent of cyberattacks target small businesses. And many small businesses are not prepared for the impact of a cyberattack and may experience devastating results. According to the U.S. National Cyber Security Alliance, 60 percent of small companies that suffer a cyberattack are out of business within six months.

Many of those small businesses that never recover from a cyberattack often are ones that gather and store very sensitive customer information, such as credit card information or health records or social security numbers. A cyberattack could mean the loss of customers and in turn revenue.

Small businesses in particular need to be concerned about ransomware. It’s is a growing type of cybercrime in which criminals use malicious software to block access to a company’s computers until it agrees to pay their financial demand to unlock your data. On May 12 of this year, the world was hit with a widespread ransomware attack starting that morning with at least 75,000 computers in 99 countries affected. The ransomware attack locked the files of impacted systems and criminals demanded payment — $300 in bitcoin — to release the data.

Considering that you may have extensive client sales and retail inventory data on your spa or massage practice computers, ransomware can be a major setback to your business. What’s more worrisome is that there is no guarantee that paying the ransom will actually unlock your files.


Safeguard data

In order to protect your spa or massage practice data, you’ll want to take the following measures:

Install a firewall: Firewalls can stop hackers from getting your data by blocking certain websites. You also can program a firewall to restrict what data and emails can be sent from your small business.

Maintain antivirus software: Install antivirus and anti-malware software programs and keep them up to date with the latest versions from your provider.

Create strong passwords: Passwords should be at least eight characters and include a combination of upper and lower case letters, numbers and symbols. Make sure to change your password every 90 days at a minimum.

Encrypt data: Use encryption software that alters information into unreadable code to protect financial information and customer data.

Secure your Wi-Fi network: Set a strong admin password on your router and periodically change it. Also create a strong passphrase to encrypt your network

Train employees on security: Draft a written security policy about how to protect data and make sure that your team reads and understands it. As an example, it should caution team members not to open suspicious email that contains attachments or click on links in emails when they don’t know the sender.


Cybercriminals are getting more aggressive about trying to access small business data. Don’t lend them a hand with lax cybersecurity.