Avoid a Security Scare with IP Restrictions
Recently, a salon client shared that her favorite thing about Mindbody is that she can run reports while tucked into bed in her pajamas at midnight. It’s true; the mobility and accessibility of Mindbody are glorious. Unfortunately, this convenience means that anyone else with a username and password-be it an assigned staff member, untrustworthy business partner or ex-employee-can access your site from their pajamas at midnight, too. To keep a tighter grip on who is accessing your sensitive data (e.g., your clients’ personally identifiable information, credit card information, marketing insights, etc.), you can implement IP restrictions.
What is an IP restriction?
An IP address is a unique numerical code assigned to every Internet connection. To figure out what your IP address is, head over to Google and search for "What is my IP?”
IP restrictions allow you to specify which IP addresses have access to log in to your staff accounts. For example, you can permit staff members to only log in to your Mindbody site from your business’s physical location. This prevents staff members or someone who has hijacked login information from you from signing in and causing a ruckus.
There are two types of IP addresses: static and dynamic. A static IP address is the same every time you connect. Dynamic IP addresses may change each time you connect to your network. The process for setting up IP restrictions for your Mindbody site will vary depending on the type of address you have.
To see the IP addresses from which your staff members and clients have logged into your software, run the Entry Logs report. Each line of this report will show you who logged in, at what date and time, and from which IP address.
How do IP restrictions protect my business?
Too often, our team hears stories with similar plot lines from clients:
- A staff member logs into their Mindbody site after business hours to steal client lists and contact information and then opens a competing business down the block. (To see who’s accessing what information, when, and from where, check out the Staff Activity report. This report allows you to see which staff members accessed other sensitive reports, the time that those reports were accessed, the report's name, the staff member's IP address, and a "View" link that lets you see the report exactly as they saw it.)
- A busy business owner forgets to deactivate a staff profile, and the scorned ex-employee logs in to wreak havoc on their Mindbody site.
- An evil villain targets a small business as a potential gold mine and engineers a way to log in to their Mindbody site for valuable client information. (The most common way unwarranted people access Mindbody sites is by seeing a Post-It note with a username and password hanging from the monitor at a studio.)
All of these security nightmares can be avoided with IP restrictions.
Does this mean I can't work from home in my pajamas anymore?
Nope. IP restrictions are set based on staff permission groups, and you can add more than one IP address. Viva pajamas!
How do I set up IP restrictions in Mindbody?
Setting up IP restrictions is easy, but first, look up your IP address if you don't already know it. You'll also want to make sure you have your staff members assigned to the right permission groups.
1. Go to your Home tab, and click Staff.
2. Click Tools in the upper right-hand corner, and then select Staff Permissions
3. On the Staff Permissions page, click Add/Edit Groups.
4. On the next page, check the box next to “Enable IP Restrictions for Access Groups,” then click Setup IP List.
5. Type in your IP address, and click Add IP Address.
6. If you have more than one location, select which location applies.
7. Add all of the IP addresses that should have access.
8. Head back to your Staff Permissions page and click Add/Edit Groups again.
9. Check the boxes in the “Restrict IP” column next to the appropriate groups and click Update Groups to save your changes.