How your IT team can be tricked into letting cyber criminals access to your IT systems

In recent months, cyber-attacks on high profile retail businesses including Marks & Spencer (M&S) and the Co-op have made the news headlines. This has affected many customers of these businesses, not just in terms of product availability, but also by having their personal data sold to criminals on the dark web.  Of even greater significance is the massive financial impact on the businesses themselves, with M&S’s losses running into hundreds of millions.

Why your IT team or supplier can be your weak link

The M&S incident is particularly worrying because it didn’t start from a direct breach of M&S itself – it allegedly happened through a third party IT provider. This type of attack, known as a supply chain attack, is one of the fastest growing cyber security threats. In fact, the UK Government and the National Cyber Security Centre have singled it out as a major area of concern for British businesses and in particular, professional services firms.

IT outsourcing providers like Pro Drive IT are particularly attractive targets to cybercriminals. Why? Because we have access to many different businesses’ systems and data. But the same risk exists within your own internal IT department too. If a criminal can impersonate you or a colleague, they could persuade your IT team or outsourced provider to grant them access or make changes that could compromise your entire system.

Do your IT people have a robust verification process?

Think about how easy it is for a cybercriminal to impersonate a legitimate request:

• Emails can be spoofed to make them appear as if they’re coming from you.
• Web portals can be accessed with stolen credentials or a PC with malware on it
• Voice cloning software can be used to make phone calls to your support desk sound like a trusted member of your staff.

The critical question is: How does your IT support team know it’s really you? Do they have a robust verification process in place? Or are they relying on trusting that communication using these methods is genuine?

Why verification matters and how Pro Drive can help

At Pro Drive we understand our responsibilities to both our clients and their clients’ data. We’ve introduced strict verification systems to ensure that no request, whether via email, portal, or phone, is acted on until we’ve confirmed it’s genuinely coming from you or your staff.

If you’re not sure your IT people taking these steps, it’s time to ask some tough questions:

✅ Do they verify every single request for system access or changes?
✅ Are they trained to spot suspicious requests?
✅ Do they have a layered approach to verification, not just relying on easily spoofed methods?

You wouldn’t let your staff make big decisions without verifying the identity of your clients, so why let your IT provider make security changes without similar checks?

Pro Drive has specifically developed its own security systems to provide a bespoke approach designed especially to meet the needs of professional and financial services firms. To find out more, and how we would protect your data, call us on 0330 124 3599 or use the form below.