top of page

WMCRC warns regional health and beauty businesses to not take shortcuts on cyber security

The Cyber Resilience Centre for the West Midlands is urging businesses within the health and beauty industry to be extra vigilant and to take action to help secure their businesses from cyber criminals who are looking for opportunities to strike. Since January 2020, the average annual cost for businesses that lost data or assets after a cyber-attack was £8,460.

The number of virus and ransomware victims is on the increase so there is no better time to check your security and back-up procedures. If your health and beauty business fell victim to a cyber-attack, would you know what to do or even how to identify an attack?

In June 2020, cosmetics and personal care company, Avon was hit by a cyber-attack that disrupted online ordering services and back-end systems in the UK and across Europe. The Avon website was offline for several weeks, the customer service centre had to close, and the firm was unable to respond to customer emails.

Unfortunately, with 39% of businesses suffering a cyber-attack in the last 12 months, cyber-attacks are now a matter of when rather than if. Every day we are seeing cyber-attacks of varying levels, but many are preventable with the implementation of some basic cyber hygiene practices.

To help your business strengthen its cyber resilience and avoid becoming a victim of cybercrime, you can follow and adopt these basic practices outlined in the Small Business Guide from the

National Cyber Security Centre (NCSC). The guide sets out five key areas for businesses to help improve their cyber security.

The five recommended areas of focus are:

  1. Backing up your data: Top tips include keeping a back-up of data separate, reading our Cloud Security guidance, and backing up regularly.

  2. Protecting from malware: Top tips include switching on firewalls, preventing staff downloading dodgy apps, and controlling how USBs can be used.

  3. Keeping your smartphones (and tablets) safe: Top tips include making sure devices can be wiped remotely, not connecting to unknown Wi-Fi networks and keeping device software up to date.

  4. Using passwords to protect your data: Top tips include avoiding predictable passwords, using two-factor authentication, and changing default passwords.

  5. Avoid phishing attacks: Top tips include checking for obvious signs of phishing, reporting all attacks, and testing resilience using our Exercise in a Box tool.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page