
Do you know your MFA from your GDPR? Paul Gammon from My Tech Coach breaks down the essential tech your fitness business needs, in this need-to-know IT guide for busy fitness professionals

Your domain is on the studio floor – correcting form, motivating clients, programming for results. But, as your business grows, a second, more demanding workout begins: the digital admin.

Managing booking systems, securing sensitive client health data, troubleshooting Wi-Fi drop-outs, navigating AI tools – it all adds up. Many trainers find themselves stretched thin before they’ve even opened their inbox. You wouldn’t expect a client to master a deadlift without a coach, so don’t expect yourself to nail your IT infrastructure alone. Here’s where to start.

What is MFA and do I really need it?

MFA stands for Multi-Factor Authentication. It means you need two things to log in: your password and a one-time code sent to your phone or authenticator app. Think of it as a fingerprint scanner at the turnstile – even if someone steals your gym membership card, they still can’t get through.

The verdict: Most hacks start with a stolen password. MFA is the single most effective thing you can do to protect your accounts. Enable it on all business software and social platforms today – it takes five minutes and could save your entire business.

Is the Notes app really that bad for storing passwords?

Yes. Storing passwords in your Notes app is like leaving your laptop in an unlocked car. A dedicated password manager – such as 1Password, Bitwarden or LastPass – creates an encrypted vault, generates genuinely uncrackable passwords and remembers them for you.

The verdict: A password manager eliminates ‘password fatigue’ and means that if one account is breached, the hacker can’t use that same password to access your bank. It auto-fills logins too, so your day actually gets easier.

Do I need a custom domain email address?

Using a @gmail.com or @hotmail.com address for client communications can quietly undermine your credibility. A custom address like [email protected] signals that you’re an established, professional business – not a side hustle.

The bonus: Emails from custom domains are far less likely to land in your clients’ spam folders than those sent from free generic accounts.

How long should I keep client data?

This falls under your Data Retention Policy. Under UK GDPR, you shouldn’t hold on to sensitive information – such as health questionnaires or progress photos – indefinitely.

A sensible rule of thumb: keep data for as long as the client is active, then for the period your insurance provider requires after they leave (typically three to seven years for liability purposes) and then delete it securely.

The verdict: Set a ‘Digital Spring Clean’ reminder once a year to audit and purge old files. It keeps your storage lean and your compliance in good shape.
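The retention rule above, turned into a small audit script for that yearly ‘Digital Spring Clean’. This is an added example, not code from the article or from My Tech Coach; the client records are constructed, and the six-year retention period is an assumed value inside the three-to-seven-year range the article quotes.

```python
from datetime import date
from typing import Optional

# Assumed retention period after a client leaves (article: typically 3-7 years).
RETENTION_YEARS = 6


def add_years(d: date, years: int) -> date:
    """Add whole years, mapping 29 Feb to 28 Feb in a non-leap year."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def retention_status(active: bool, left_on: Optional[date], today: date,
                     retention_years: int = RETENTION_YEARS) -> str:
    """Apply the article's rule: keep while active, keep for the retention
    period after leaving, then the record is due for secure deletion."""
    if active:
        return "keep"
    if left_on is None:
        # Ex-client with no recorded leave date: the window cannot be
        # computed, so flag it for a human rather than guessing.
        return "needs_review"
    if today >= add_years(left_on, retention_years):
        return "due_for_deletion"
    return "keep"


def audit(records: list, today: date) -> dict:
    """Group client names by retention status for the yearly clean-up."""
    result = {"keep": [], "due_for_deletion": [], "needs_review": []}
    for r in records:
        status = retention_status(r["active"], r["left_on"], today)
        result[status].append(r["client"])
    return result


# Constructed sample records (not real clients).
SAMPLE_RECORDS = [
    {"client": "Client A", "active": True, "left_on": None},
    {"client": "Client B", "active": False, "left_on": date(2018, 3, 1)},
    {"client": "Client C", "active": False, "left_on": date(2022, 9, 15)},
    {"client": "Client D", "active": False, "left_on": None},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RECORDS, date(2025, 6, 1)))
```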

Don’t take the bait: Your guide to ransomware and phishing

Ransomware is malicious software that locks your files and demands payment – usually in cryptocurrency – to release them. It’s no longer a fringe threat.

  • 623M+ ransomware attacks attempted in 2022
  • 40%+ of attacks begin with a phishing email
  • $1B+ annual cost of ransomware globally

The most common entry point? A phishing email you clicked without thinking. Here’s how to stay sharp:

  1. Pause before you click. Does it make sense for you to have received this email? Is the sender’s address exactly as you’d expect? Hover over any link first – it will show you the actual destination URL.
  2. Know the tactics. Most phishing attacks are after your password. Common tricks include fake shared documents or messages claiming IT needs you to verify your account. They’re becoming increasingly targeted and convincing.
  3. Report it even if you clicked. Tell colleagues. A quick conversation could stop someone else from falling for the same attack. If you suspect you’ve already clicked a suspicious link, report it immediately rather than hoping for the best.

Why more fitness professionals are outsourcing their tech

If all of the above has you sweating more than a double session, you’re not alone. Here’s what handing your tech to a specialist actually gives you back:

  • Your training hours. Every hour spent fighting a website plugin or resetting a password is an hour you’re not on the floor with clients.
  • A streamlined tech stack. The right setup means your admin runs on autopilot – bookings, communications, storage, all joined up.
  • Bulletproof security. Industry best practices – from MFA to encrypted cloud backups – that act as an insurance policy for your clients’ trust in you.

Free tech audit — limited spaces

Be one of the first 15 fit pros to get in touch and discover exactly where your digital systems need strengthening – at no cost. Email [email protected] and quote FitPro to claim yours.

Find out more in this FitPro blog by Adam Daniels on the fundamentals of running your fitness business.

Paul Gammon

With 25 years of experience in IT, Paul Gammon of My Tech Coach brings deep expertise across server support, telecoms and networking, as well as all the day-to-day digital admin that keeps a modern business running. He partners with fitness professionals to handle everything from setting up MFA and custom domain email to building cloud folder structures (Microsoft or Google) that make GDPR compliance straightforward. My Tech Coach also provides dedicated work eSIMs and Microsoft or Google licensing. mytechcoach.co.uk