Marks & Spencer’s Cyber Attack: A Wake-Up Call for Small Businesses

Marks & Spencer has faced its fair share of challenges over the years, but nothing quite like this. The retail giant, known for its British heritage and commitment to quality has found itself at the mercy of cybercriminals last month in a ransomware attack that sent shockwaves through its operations.

CEO Stuart Machin summed it up perfectly when he described the moment he found out: “I went into shock.” And frankly, anyone would. The attack locked critical systems, paralysed contactless payments, and left customers frustrated when online shopping went dark. And while M&S WILL recover as it has the resources to rebuild, what about small businesses? A similar attack would most likely cripple them entirely!

Cybercriminals Don't Just Target Giants

Many small business owners assume hackers are only interested in the big players, but that’s dangerous thinking. If anything, cybercriminals love small businesses because they often lack proper security measures, making them easy prey. The M&S attack highlights the growing sophistication of cyber threats, especially ransomware, where hackers lock systems and demand payment for their release.

For smaller businesses, an attack like this could be fatal. Unlike M&S, they don’t have the luxury of a multi-million-pound recovery strategy. That means prevention is key. Here’s how small businesses can protect themselves from the kind of attack that shook one of Britain’s biggest retailers.

Six Steps to Protect Your Business from Cyber Attacks

1. Cybersecurity Training for Your Team

M&S admitted that human error played a role in the attack. That’s a lesson for all businesses. Your employees are your first line of defence. Teach them to spot phishing attempts, avoid suspicious downloads, and use secure passwords. There are free courses available and lots of YouTube videos that can guide them.

2. Stronger Passwords & Multi-Factor Authentication (MFA)

Weak passwords are a hacker’s dream. Make sure employees use complex passwords (not just the name of your dog with added letters Milo01! or password123!). Even better, if you have the option, implement MFA (Multi Factor Authentication) so hackers need more than just a password to break in.

3. Regular Software Updates

Cybercriminals exploit outdated systems. Update everything… Your software, operating systems, and security tools. These updates often contain patches for vulnerabilities that hackers love to exploit.

4. Secure Backups (Online & Offline)

M&S had to overhaul its entire digital infrastructure, a move accelerated by the attack. Small businesses need to think ahead, too. Regularly back up data to secure locations (even regular hard copy backups sitting on external drives in a living room drawer will do), so even if hackers strike, your business can recover without paying a ransom.

5. Firewalls & Antivirus Protection

Basic cybersecurity isn’t optional. Firewalls block unauthorised access, while antivirus software detects threats before they spread. Skipping these tools is like leaving your doors wide open for criminals.

6. Incident Response Plan

Imagine waking up to find your systems locked, payments halted, and customers panicking. What’s your move? Businesses, big and small, must have a cybersecurity response plan. Know who to contact, what to shut down, and how to revert damage swiftly.

Final Thoughts: A Lesson Small Businesses Can’t Ignore

The M&S cyberattack should set off alarm bells for businesses across the UK. If hackers can hit an FTSE 100 retailer and cause millions in damages, small businesses must take cybersecurity seriously, because the cost of doing nothing is far greater.

Please don’t wait until disaster strikes.