In today's digitized world, it's not just banks and businesses that need to worry about cyber security—every endpoint that is connected to the Internet is at risk. With the increasing digitization of personal health information, massage therapists also need to be vigilant about protecting their client's data and other digital assets. Some major threat comes from outside the country where hackers have been known to target healthcare organizations in search of Personally Identifiable Information (PII). In addition, there are several other ways that massage therapists can become victims of cybercrime and or cybercriminals. For example, their appointment books may be hacked by cyberthieves to steal clients’ information. Their websites may also be defaced in order to damage their reputation. As a result, it is essential for massage therapists to take steps that will enhance their cybersecurity posture and to remain cyber-smart. 


What is Cybersecurity?
Cybersecurity (spelled ‘Cyber Security’ at times) is the practice of protecting electronic systems and data from unauthorized access or theft. In today's interconnected world, this includes everything from email and social media accounts to websites and databases, along with network devices that are connected to the Internet. With the increasing digitization of personal health information, it is essential for massage therapists to take steps to protect their clients' data from potential cyber threats. 

Hackers and other threat actors love to target small businesses because they do not have the resources to adequately secure their clients’ data and other digital assets. If you are a massage therapist and your organization experience an attack, not only will there be financial losses, but also personal information about clients who come through that door which could permanently ruin their reputation! This happened to a small massage therapy practice I know of that had its website compromised. The incident impacted them because they lost credibility and revenue when this occurred. 

 
How to Enhance CyberSecurity:
Rather than thinking about cybersecurity as something that will happen “if” it happens, it is best to think about it as something that will happen “when.” It is much easier to avoid a situation than it is to clean up the mess it leaves behind after it has occurred. Many cybersecurity experts believe that it is better for a company to be cybersecurity prepared when it has not experienced an active cybersecurity attack, than for it to be attacked without being prepared.  

There are several steps that massage therapists can take to enhance their cyber security.  Here are a few: 

Educate yourself and your team on how to identify cybersecurity red flags (be Cybersmart)
Cyber crooks are always trying new tricks on the cyber battlefield, but you can help keep your company safe by educating yourself and others about what they should be looking out for. For example, poor-quality logos; spelling mistakes in domain names, or sender details will make it easy to spot an email as spammy - so avoid them at all costs! Always practice Zero Trust by questioning every email that is considered consequential. Do not trust any electronic communication, phone call, text, and other forms of electronic communication that come your way without verifying the origin or sender.

A simple central point of contact for advice:
IT guardians or mentors could act as links between various business functions and information technology, providing informal advice. They might create email accounts for their charges in order to make sure that all important messages come through properly - this will also help with any problems which arise from having too many cooks on the stove!

Danger: Reused password ahead
How many streaming sites do you use? If they're all treated equally, then your password is probably not as secure on one site as it would be elsewhere - 51% of people surveyed by Specops Software said that their passwords were shared with others. A Massage Therapist who reused the same credentials for multiple accounts or sharing them without thinking could put themselves at risk of being hacked! Always change your password every 90 days!

Make multi-factor authentication (MFA) your friend: 
Multi-factor authentication (MFA) helps to ensure that your account is protected by requiring an additional method of personal verification. Some examples include text messages or phone calls, which can be used instead of passwords.

Your software does not have the latest updated version:
With the constant release of new software and security patches, it's easy to miss an update. A missed patch can leave you vulnerable in more ways than one- not only are there likely to be negative consequences for your company but also personally if the information was compromised during this time while no one knew about these vulnerabilities until it is too late! For example, Microsoft releases its systems’ updates and patches on the first Tuesday of every month. While most Microsoft Windows-based systems have an automatic update feature, it is a good practice to periodically check the Windows Update Settings to make sure the update was downloaded and installed.

What are your blind spots? 
With the recent data breach and other major hacks, it is more important than ever to ensure your company's security postures are in place. The first step of this process is conducting an assessment of how vulnerable you are as well as what potential vulnerabilities could lead to a successful attack against one or all systems in use at any given time. Look for blind spots that may exist within your massage therapy practices. Such shortcomings can often be seen before they cause problems if proper steps have not already been taken beforehand. As part of your company’s security best practice, always put in place a good policy and procedure for everyone to follow—think like the TSA at airports across the US.

Back that thing up:
Data breaches are becoming more prevalent in the massage therapy industry, and with them comes the risk of data loss. To avoid this horrid situation from happening in your business, you should back up all important information on a regular basis so that if anything goes wrong (like an attack by ransomware) then there is no need for concern because it can be easily reclaimed!

Can I insure my company again a cyber attack? 
We all know that massage therapists are familiar with liability and malpractice insurance. This is just part of protecting your business from Catastrophes, right? But have you considered investing in Cybersecurity Insurance to financially protect your assets should there be successful attacks on our systems? Investing in cyber insurance is a must for professionals who work with computers. The need to protect yourself financially after an attack can't be overstated.