Cyber Crime art

Large corporations may be the favorite targets of hackers, identity thieves and cybercriminals, but most internet technology (IT) professionals agree it’s no longer a matter of if but when smaller businesses—which are more likely to have lax security—can expect to sustain a data breach or cyber attack.

If you think a massage therapy business doesn’t have anything worth stealing or is too small to be an attractive target for cybercriminals, think again.

Among the biggest cyber threats and vulnerabilities facing massage therapists today, notes Mark Volkmann, CEO of MassageBook, are data integrity of financial transactions, SOAP and medical notes, scheduling data and email lists. Risks don’t just come from the internet or outside forces, he adds, but also from those with access to a business’s information, including employees.

With the number of threats—from phishing scams to denial-of-service attacks and privacy breaches—on the rise, start safeguarding against cybercriminals by reviewing your data policies, streamlining your internal procedures and investing in preventative measures, especially quality software against viruses, malware and online intrusions.

“We have had attacks that messed up our website with malware—perhaps from an unscrupulous competitor,” says Dan Melmed, L.M.T., owner of Body Well Mobile Massage, based in Miami, Florida.

“When I hired an overseas contractor to shore up security, after the prior problem had been resolved, we had another attack a week later. It might have been caused by the very person I hired, possibly to give himself more work,” he continues. “At the very least, make sure you back up your site offline, and if you use Wordpress, keep your site properly updated and avoid outdated plugins which can cause security holes in important functions like inquiry forms.”

Other important precautions massage therapists should consider include taking advantage of software that utilizes encryption for sensitive client and financial data and using complex passwords based on upper- and lower-case letters and numbers.

While digitizing and encrypting records may take some effort, it’s much more secure than paper-based recordkeeping, especially with good practice-management software that allows you to restrict or grant access to specific data areas and functions at the click of a button.

Volkmann advises whether you use practice-management software or not, be sure to:

  • Keep all sensitive records locked up and restrict access to only those whom you trust.
  • Never store credit card information on paper or on a computer unless the information is encrypted.
  • Never allow client records to leave the office or be placed where they may be seen by other clients.
  • Keep any paper-based schedules secure and available only to approved individuals.

Mark Kleszczewski is president of GoBusiness Group LLC and a freelance writer on critical business topics. He can be reached at