
Cyber Attacks Are On The Rise – Is Your Business Ready?

Marks & Spencer, Co-op, Jaguar Land Rover and many more have all felt the sting of cyber attacks in recent months. As October shines a spotlight on cybersecurity, is it time to make sure your business isn’t next in line?

With major UK brands facing cyber breaches and smaller businesses increasingly being targeted, cyber resilience has never been more important. No two businesses are the same, and neither are their cyber security needs. What’s essential for a five-person team might look very different for a company of fifty.

October is Cyber Security Awareness Month, a reminder that no matter your size or sector, cyber risks are constantly evolving. From phishing scams to ransomware and AI-driven attacks, businesses must be proactive in protecting their data, customers and reputation.

In our latest Newsletter we’re sharing clear, practical, size-specific advice to help every business take the right next step towards better protection.

Cyber Security Basics for Small Businesses (under 15 IT users)

Smaller businesses are often seen as “easy targets” because attackers assume their defences are weaker. The reality is that even simple, affordable steps that you can realistically sustain drastically reduce your risk without creating more friction.

Key Actions:
  • Strong password management
    Encourage the use of unique, complex passwords. A password manager can help your team generate and store credentials securely, avoiding the temptation to reuse weak passwords.
  • Multi-factor authentication (MFA)
    Adding an extra layer of protection for email, cloud services and financial systems means even if a password is stolen, accounts remain secure.
  • Avoid using admin accounts daily
    Staff should never use an administrator account for everyday work. This prevents malware or phishing attacks from gaining full system control.
  • Access control and monitoring
    Assign permissions based on role. For example, not every employee needs access to financial or HR files. Regularly review who has access to what.
  • Change default passwords
    Routers, Wi-Fi points and even smart devices often come with factory-set logins. Potential attackers know these defaults, so always change them to strong alternatives.
  • Keep systems updated
    Install updates for operating systems, applications, browsers and antivirus software promptly. Outdated software is one of the most common entry points for attackers.
  • Phishing awareness
    Provide staff with practical training. Even a short quarterly refresher can help employees recognise suspicious links, attachments or urgent “CEO-style” requests.
  • Regular data backups
    Use a secure cloud backup service or an offline backup stored separately from your network. Test recovery to ensure data can be restored quickly after an incident.

Strategic Cyber Security for Larger Businesses (15+ IT Users)

As businesses grow, so do their risks. Larger teams, higher volumes of data, and wider use of cloud services create more opportunities for attackers. A strategic security plan helps protect your business today and scales as you grow, continuing to align with your business goals.

Recommended Priorities:
  • Zero Trust architecture
    Zero Trust Architecture (ZTA) is a cybersecurity framework based on the principle “never trust, always verify”. It assumes that threats can exist both inside and outside the network, so no user, device, or system is automatically trusted. ZTA isn’t a single tool; it’s a holistic strategy combining identity verification, device security, network segmentation, continuous monitoring, and strict access control to minimise trust and maximise security. For example, whilst ZTA may not have prevented the M&S cyber-attack, network segmentation may have restricted movement in the retailer’s online systems, containing the breach to its initial point of entry instead of allowing it to spread.
  • Advanced monitoring and threat detection
    Traditional antivirus is no longer enough. Larger organisations need to deploy security solutions which monitor email systems, firewalls and servers, analysing logs and network activity in real time. These solutions use machine learning to flag suspicious behaviour such as unusual logins, large file transfers or activity outside normal hours.
  • Incident response planning
    Have a step-by-step process for handling a ransomware attack or data breach, and run simulated drills so teams know their roles. A prepared business can restore systems faster, ensuring business continuity, reducing costs and saving its reputation. Neither M&S nor Jaguar Land Rover were able to continue operations without their online facilities and JLR is still in the midst of getting its operations back up and running.
  • Vendor and supply chain security
    Third parties with access to your data or systems can be a hidden risk. Assess supplier security controls and ensure contracts include clear cyber security requirements. Ideally, suppliers will have a cyber security accreditation, such as Cyber Essentials, to assure you they take the security of their data (and yours) seriously.
  • Cyber insurance alignment
    Many insurers now require organisations to demonstrate strong cyber hygiene. Meeting standards such as MFA, encryption and monitoring ensures you remain covered and can recover costs after an incident. Cyber insurers are essentially looking for evidence that your organisation is not an easy target, and that if an incident occurs, the damage can be minimised.
  • Role-based access and encryption
    Ensure data is only available to those who truly need it, thus reducing risk if an account is compromised. Encrypting files both at rest and in transit reduces the impact of a breach. Even if a hacker gains access to storage, encrypted files are unreadable without the key. Encrypting emails, network traffic, and cloud communications prevents interception by attackers.

And Finally…

The cyber security landscape is rapidly shifting. With trends such as AI-powered attacks, deepfake scams, double-extortion ransomware and increased cloud adoption shaping this year’s threat environment, cybersecurity can only ever be an ongoing process.

Whether you are a small business putting the basics in place, or a larger organisation looking at advanced strategies, our team can assess your current security, identify risks and help you put the right measures in place to protect your business.

>> Contact us at: 0345 527 4394 / info@comprendo.co.uk to arrange your FREE 2-hour (no-obligation) consultation.

 

 
