What the M&S Incident Means for UK SMEs

This goes to show that even British institutions aren’t beyond the clutches of cyber criminals. It started with reports of things going wrong for customers; a week has now passed, and M&S have had to stop online orders for food and clothes in a bid to recover after a cyber attack. All orders have been stopped, and customers who had managed to place orders have been issued refunds.

As well as online orders being suspended, gift cards, e-gift cards, and credit receipts can’t currently be used to physically make purchases in-store either.

What happened to M&S?

Although it isn’t currently clear who is behind the attack or what its full scope is, it’s been pointed out (and rightly so) exactly how insidious attacks can be, and what far-reaching and long-lasting effects they can have on business operations!

M&S is a large company, and their experienced teams are working with experts, and STILL, a week on, it’s having an impact on their business. It sends a clear message to business owners everywhere that quick recovery isn’t necessarily a given when it comes to cybercrime incidents like these. With over a quarter of M&S sales coming from online sales, and share prices dropping significantly following the attack, it’s safe to assume that this will have hit them hard financially.

When will the M&S problems be fixed?

How long is a piece of string? They’re clearly working to fix what has happened, and have reported the incident to the National Cyber Security Centre as well as the Information Commissioner’s Office (ICO), who are currently assessing the information they have been given.

But again, if a smaller business was hit with such an attack, would they be able to survive it? With more and more high-profile cyber attacks being reported, it really is important to get ahead with your cyber security provisions, to minimise, if not prevent, any financial harm that could befall you if you fall victim to cyber criminals in a big way.

What should your business do now?

Even if you don’t use Gmail internally, you or your staff might still be receiving emails from Gmail users. That means you’re still part of the risk network.

To reduce your exposure:

  • Switch on multi-factor authentication (MFA) for all staff

  • Train your team on how to identify spoofed or suspicious emails

  • Use additional mail filtering and link-checking tools

  • Review your current email provider’s security posture

  • If needed, consider a move to Microsoft 365, with help from a trusted local provider

The M&S story makes it clear: email-based exploits don’t care about business size. They rely on trust and familiarity — and that’s exactly why they work.

At Clearsky IT, we help SMEs in the South West make sense of security risks and stay protected with tools that make life simpler, not harder. You don’t need to be technical to stay safe — you just need clear advice and a system that works for your business.

Further reading: Multifactor authentication

30th April 2025
