Cyber attacks don’t care how big your business is – are you prepared?

This week, Marks & Spencer, one of the UK’s largest and most recognised retailers, faced a significant cyber attack.

The incident saw contactless payments and click-and-collect services disrupted across stores, but the retailer managed to continue trading thanks to its resources and a well-prepared response plan.

While a company of M&S’s scale can weather such storms, the incident raises a critical question for smaller businesses – would they survive the same?

James Atkin, Sales Director of Rochdale-based managed IT services provider No Fuss IT, warns that small and medium-sized enterprises (SMEs) are increasingly vulnerable to cyber threats. “There’s a dangerous assumption that cyber criminals only go after the big fish,” he said.

“The reality is, smaller businesses are often seen as easy targets because they lack the robust security measures that larger companies invest in.” According to James, many SME owners believe their size offers some level of protection.

However, this is a misconception that leaves them exposed. “We work with SMEs every day who think they’re too small to be on a hacker’s radar. But hackers don’t think that way.

They look for weaknesses – and smaller businesses often have more of them.”

Unlike major retailers, most small businesses do not have dedicated IT departments or the budget to employ full-time cybersecurity experts. However, this doesn’t mean they can’t protect themselves.

No Fuss IT advocates a straightforward approach to cybersecurity, ensuring essential defences are in place without overwhelming business owners with technical jargon or unnecessary complexity.

James outlines the basics every business should cover:

• Regular software patching and updates to fix known vulnerabilities.
• Strong password policies combined with multi-factor authentication for an added layer of security.
• Reliable data backups that are regularly tested to ensure they can be restored if needed.
• Staff training to raise awareness of common cyber threats such as phishing emails.

A clear, practical incident response plan. “M&S had the budget and the team to handle the attack. Most SMEs don’t – but that’s where managed IT services like ours come in,” said James.

“It’s not about having an enterprise-level budget. It’s about being prepared.” He emphasised that being proactive is far more effective – and cost-efficient – than reacting after an incident has already occurred.

“Preparation is key. Don’t wait until you’ve been hit to realise the value of cybersecurity.” Cyber attacks continue to rise across all sectors, and businesses of all sizes need to take the threat seriously.

James concludes with a challenge to local SMEs: “If a cyber attack hit your business tomorrow, would you survive it? If the answer is ‘I’m not sure’, then it’s time for a conversation.”

You can contact James and the team at No Fuss IT by visiting their website; https://www.nofussit.co.uk or by phoning 0330 057 7449