If M&S Can Be Hacked, So Can You – How Secure Is Your Setup? 

As M&S reveal the impact of a ransomware attack that could wipe £300 million off its trading profits – it’s a stark reminder that no business is too big or too prepared to be targeted. 


Cyber-attacks aren’t just a threat to big names anymore, but when they do hit the headlines, they serve as a wake-up call for everyone else.

Marks & Spencer has just revealed the impact of a ransomware attack that could wipe £300 million off its trading profits. Their online operations are still disrupted, they’ve had to revert to manual processes, and billions have been wiped from their market value. All from a breach that, according to the CEO, began with human error.

This is the reality of cyber threats in 2025: sophisticated, fast-moving, and costly. 

The same group of hackers is believed to be behind attacks on Harrods and Co-op too, and both retailers admitted customer data was stolen. The consequences aren’t just financial, they shake customer confidence, impact operations, and take months to recover from. 

Let’s be clear: a cyber-attack like this could happen to anyone.

These incidents are a stark reminder that no business is too big or too prepared to be targeted, and while you can’t eliminate risk entirely, there are steps you can take to reduce your chances of becoming the next headline.

Here are three best practices we recommend to all our clients: 

  1. Keep Everything Up to Date

Cyber attackers often exploit known vulnerabilities in software, operating systems, and devices – many of which already have patches available. That’s why it’s essential to keep your systems fully updated, from employee laptops to servers to the tiniest firmware update. Patch management should be part of your regular IT hygiene. 

  2. Monitor Everything – All the Time

You can’t protect what you can’t see. From firewalls to file storage, having 24/7 monitoring in place means you can spot unusual activity early, before it turns into a major issue. Our clients benefit from 24/7 monitoring, alerting, and action to stop potential threats in their tracks.

  3. Train Your Team to Spot Social Engineering

Not all attacks come through brute force – some walk straight through the front door. Social engineering attacks (like phishing emails or fake helpdesk calls) are designed to trick your people into handing over credentials or clicking malicious links. Ongoing training and awareness campaigns are your frontline defence. 

Learning from the Headlines 

At IT Naturally, we’ve reviewed our own systems in light of recent attacks. One of the immediate changes we’ve made is to tighten our password reset policy to minimise potential vulnerabilities. It’s a small but important change – and that’s the point. Security isn’t one big fix, it’s hundreds of small decisions made consistently. 

So the question is: 

How confident are you in your own IT security? 

If you’re not 100% sure, it’s time to act. 

Want to Know How Secure Your Business Is? 

We’ve created a quick Cyber Security Review – it takes just a couple of minutes to complete and gives you a clear score showing how protected your business is right now. No jargon, no pressure – just insight you can act on. 

Get your Free Cyber Security Score

Human error happens, but with the right support, you can stop it from becoming a £300 million mistake. 

If you’d like support with reviewing your own cybersecurity strategy, we’re here to help. Whether you need a full audit, a second opinion, or a friendly nudge in the right direction, we’re ready when you are. 

Take the first step now and Get your Free Cyber Security Score.