, ,

M&S cyber attacks spark warning for all businesses to boost security

6-minute read

Image credit: Vasyl/stock.adobe.com

The recent cyber attacks to hit Marks & Spencer, Co-op, and Harrods show how important it is for businesses to have an effective cyber security plan in place.

Stolen customer data, empty shelves, and disruption to online operations are just some of the issues caused by the latest hacks.

You may think cyber security is only for large multinational businesses, but it’s vital for all businesses.

Perhaps you have an online shop, collect data from your customers, or take online payments and store credit card details. All this information is vulnerable to cyber attacks and data breaches.

‘A wake-up call for every business in the UK’

The government is taking action to boost the UK’s cyber protection. It’s also urging businesses to make sure they have the measures in place to protect them and a response plan to minimise the impact of an attack.

Pat McFadden, Chancellor of the Duchy of Lancaster, said: “These attacks need to be a wake-up call for every business in the UK.

“In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority.”

The NCSC’s Small Business Guide has tips to help protect businesses from cyber crime.  

How the cyber attacks unfolded at M&S, Co-op and Harrods 

M&S has had to halt online orders for almost three weeks as a result of a cyber attack. Now the retailer has shared that some customer data has been stolen, and services are still not back to normal. 

Co-op was hit by a similar cyber attack and stock shortages have been seen in shops as a result. Harrods was also targeted by hackers. 

A ransomware group, DragonForce, has since claimed responsibility for all three attacks. 

What is a cyber attack – and what are the common threats?

A cyber attack is when a hacker tries to disable systems, steal data, or destroy information by gaining unauthorised access to computer systems.

Common types of cyber attack

The European Union Agency for Cybersecurity (ENISA) has revealed the common types of cyber attacks experienced by small and medium-sized businesses:

  • phishing attacks – fraudulent emails asking businesses to share passwords and banking information
  • malware – software designed to get unauthorised access to a computer and cause damage, such as a virus
  • malicious insiders – attacks from employees or former employees who have access to your system and breach sensitive data
  • denial-of-service strikes – an attack which aims to shut down a company’s systems so it can’t operate

How to prevent cyber attacks against your business

It’s important to have a robust defence against cyber attacks in place. And, as the technology used to carry out attacks develops quickly, you’ll need to review your procedures regularly.

Some of the simplest things you can do include:

  • updating software – installing updates as soon as they become available is an easy way to protect your business
  • backing up your data – if you were to fall victim to a cyber attack, backing up your business-critical information can help you to keep going
  • staying alert – keep up-to-date with security threats and make sure you don’t fall into the trap of alert fatigue
  • training your employees – make sure your employees are working safely online and that they know what to look out for, and how to report signs of cyber attack
  • using password protection – office equipment and phones should be protected by strong passwords, and important accounts (like banking) should have two-factor authentication set up (this is an extra layer of security known as 2FA)
  • risk planning – create a business continuity plan so you know what to do if your business experiences a cyber attack and how to minimise disruption 

Along with a thorough cyber security policy, you should also have a website privacy policy that outlines how you collect and store data.

What is cyber security?

Cyber security is the act of protecting the devices and online services we use from theft or damage. This includes smartphones, laptops, tablets and computers, as well as preventing unauthorised access to the personal data you store about your customers.

Woman working at computer in office

Photograph 2: BullRun/stock.adobe.com

Why is cyber security important?

Cyber security is important for protecting your business from online threats like theft, extortion and damage. Potential hackers may try to gain unauthorised access to personal information, passwords, intellectual property, financial data, or sensitive data to cause harm to your business.

Financial loss, data breaches, and reputational damage are just some of the risks of a cyber attack.

If your business has reached a certain size, you might consider hiring a cyber security analyst.

Julia Studholme, former Cyber Security Analyst at Simply Business, says:

“Now, more than ever, cyber security is at the forefront of organisations of all sizes. Cyber attacks are routinely front-page news, but in addition to the reputational damage that attacks can have on businesses, they can cause a major amount of business disruption too. Behind the headlines, there’s often further damage to business operations such as system outages, data loss and financial losses too.”

What is cyber insurance – and how can it help your business?

As the number of recent cyber attacks continues to grow, cyber insurance could help to protect your small business.

This type of insurance could be beneficial for your business if you hold sensitive data such as personal customer details, rely on computer systems and online software, or have a payment card industry (PCI) merchant services agreement.

Read our guide to cyber insurance for small businesses to find out more about the biggest cyber attacks, the data breaches you could be fined for, and the software you can use to protect your business.

‘Remote working has added a layer of complexity’

Speaking of the common threats and trends related to cyber security, Studholme said:

“Widespread adoption of remote working has added a layer of complexity when it comes to cyber security risks. Not only do companies have to concern themselves with all of the devices on their corporate networks, but they have to consider devices that are on employee’s home networks too, over which they have much less visibility.

“One of the main threats facing businesses today is cloud vulnerabilities. The adoption of cloud-based services and infrastructure (and in some cases, multi-cloud adoption) has meant businesses become a prime target for attackers.”

Although it might be difficult to stop every threat, small businesses can protect themselves in a by having as many layers of defence as possible and creating obstacles for hackers to get around.

These could include multi-factor authentication technology and regularly training staff about the cyber security threats they face.

Small business guides and resources

Ready to set up your cover?

As one of the UK’s biggest business insurance providers, we specialise in public liability insurance and protect more trades than anybody else. Why not take a look now and build a quick, tailored quote?

Start your quote

Written by

Catriona Fuller

Catriona Fuller is a content and marketing professional with 12 years’ experience across the financial services, higher education, and insurance sectors. She’s also a trained NCTJ Gold Standard journalist. As a Senior Copywriter at Simply Business, Catriona has in-depth knowledge of small business concerns and specialises in tax, marketing, and business operations. Catriona lives in the seaside city of Brighton where she’s also a freelance yoga teacher.

This content is for general, informational purposes only and is not intended to provide legal, tax, accounting, or financial advice. Please obtain expert advice from industry-specific professionals who may better understand your business’s needs. Read our full disclaimer