
Lessons learnt and how does it apply to me?

Cyber security breaches can cause significant financial and reputational damage, even for well-established companies like Marks & Spencer (M&S).  

M&S boss Stuart Machin confirmed the hackers got in through "social engineering" - when they pretend to be someone trustworthy, and trick a person into giving out personally identifiable information.   

A small bit of information from one source, combined with another piece from somewhere else, helps hackers build up a profile of someone they want to attack. Before you know it, they have a complete profile, including passwords and secret phrases, that is enough to access online accounts.

Trevor Bradfield, Founder & Director of Unity IT, offers the following simple but effective advice:

1. User Account Control is Crucial – Account Separation! 

Application for ICB Bookkeepers: 
Bookkeepers have access to vast amounts of confidential data such as bank statements, payroll records, and tax information.  

Even though you “don’t store confidential information on your computer”, which does reduce your risk significantly, if your computer is compromised, for example with a keylogger and screen grabber, the information that is displayed on your screen and typed on your keyboard can be used to build up the profile of the intended victim, and you would not even be aware it is happening… 

To prevent malicious software being installed on your computer (PC or Mac – yes, even Macs can be compromised!), the NCSC (National Cyber Security Centre) advises that you create a separate user account that has admin privileges, and then demote the account that you use for your daily work to a standard user account. This means that software cannot be installed without using the admin account credentials.

Cost: £0.00 
Time to action: 15 minutes 
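
For readers on Windows, the account separation described above can be done from PowerShell. This is an added example, not part of the original article or Unity IT's own tooling; the account names `jane` and `jane-admin` are hypothetical, and it assumes local accounts rather than accounts signed in with a Microsoft account.

```powershell
# Added example, not from the original article. Run once in an elevated
# PowerShell window (Windows 10/11). Both account names are hypothetical.
$DailyUser = 'jane'          # hypothetical: the local account used for daily work
$AdminUser = 'jane-admin'    # hypothetical: the new account kept for admin tasks only

# Look the groups up by well-known SID so this works in any display language.
$AdminGroup = Get-LocalGroup -SID 'S-1-5-32-544'   # built-in Administrators
$UsersGroup = Get-LocalGroup -SID 'S-1-5-32-545'   # built-in Users

function Test-IsLocalAdmin([string]$Name) {
    # Local accounts are listed as COMPUTERNAME\username.
    $full = "$env:COMPUTERNAME\$Name"
    [bool](Get-LocalGroupMember -Group $AdminGroup | Where-Object { $_.Name -eq $full })
}

# 1. Show who has admin rights today.
Get-LocalGroupMember -Group $AdminGroup | Format-Table Name, ObjectClass, PrincipalSource

# 2. Create the separate admin account if it does not exist yet.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "New password for $AdminUser"
    New-LocalUser -Name $AdminUser -Password $pw -Description 'Admin tasks only' | Out-Null
}
if (-not (Test-IsLocalAdmin $AdminUser)) {
    Add-LocalGroupMember -Group $AdminGroup -Member $AdminUser
}

# 3. Demote the daily account, but only once the new admin is confirmed,
#    so the machine is never left without a working administrator.
if ((Test-IsLocalAdmin $AdminUser) -and (Get-LocalUser -Name $AdminUser).Enabled) {
    Add-LocalGroupMember -Group $UsersGroup -Member $DailyUser -ErrorAction SilentlyContinue
    if (Test-IsLocalAdmin $DailyUser) {
        Remove-LocalGroupMember -Group $AdminGroup -Member $DailyUser
    }
    Write-Host "$DailyUser is now a standard user; sign out and back in to apply."
} else {
    Write-Warning "Admin account not ready; $DailyUser left unchanged."
}
```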
 

2. Updates Prevent Breaches 

"We're patching like mad," is what one retailer told the BBC. 

Application for ICB Bookkeepers: 
Relying on outdated systems or ignoring regular security updates increases vulnerability. Bookkeepers should ensure that all software (including accounting platforms and cloud storage solutions) is regularly updated. Run antivirus scans, back up data frequently, and consider conducting periodic audits of security practices. NCSC recommends that all updates are downloaded and applied within 14 days of them being released to ensure application stability and security.

Turn on automatic updates! 

The next time you see that your computer wants to restart to install updates, go and put the kettle on for a cuppa! 

Cost: £0.00 
Time to action: <5 minutes 

Conclusion 

The Marks & Spencer breach serves as a reminder that no business is immune to cyber threats. For ICB bookkeepers, protecting client data isn’t just about technology - it’s about responsibility, trust, and professional standards. By applying lessons from this breach - implementing strict access controls, maintaining regular security updates, and prioritising data protection - bookkeepers can significantly reduce their risk and maintain a strong reputation in a digital world. 
 
Cyber Essentials certification demonstrates that an organisation is protecting itself by implementing the most important cyber security controls (that don’t cost anything) and is the Government’s minimum baseline standard for cyber security for organisations of all sizes in the UK. (It also comes with £25k of Cyber Insurance!)

ICB has certified Cyber Essentials Certification through Unity IT for all ICB members.  Unity IT are an officially Accredited Certifying Body for Cyber Essentials.   

For more information, contact Unity IT on 028 9266 1190 or email support@unityit.co.uk 

Unity IT 
