In recent months, cyber-attacks on high profile retail businesses including Marks & Spencer (M&S) and the Co-op have made the news headlines. This has affected many customers of these businesses, not just in terms of product availability, but also by having their personal data sold to criminals on the dark web. Of even greater significance is the massive financial impact on the businesses themselves, with M&S’s losses running into hundreds of millions.
The M&S incident is particularly worrying because it didn’t start from a direct breach of M&S itself – it allegedly happened through a third party IT provider. This type of attack, known as a supply chain attack, is one of the fastest growing cyber security threats. In fact, the UK Government and the National Cyber Security Centre have singled it out as a major area of concern for British businesses and in particular, professional services firms.
IT outsourcing providers like Pro Drive IT are particularly attractive targets to cybercriminals. Why? Because we have access to many different businesses’ systems and data. But the same risk exists within your own internal IT department too. If a criminal can impersonate you or a colleague, they could persuade your IT team or outsourced provider to grant them access or make changes that could compromise your entire system.
Think about how easy it is for a cybercriminal to impersonate a legitimate request:
The critical question is: How does your IT support team know it’s really you? Do they have a robust verification process in place? Or are they relying on trusting that communication using these methods is genuine?
At Pro Drive we understand our responsibilities to both our clients and their clients’ data. We’ve introduced strict verification systems to ensure that no request, whether via email, portal, or phone, is acted on until we’ve confirmed it’s genuinely coming from you or your staff.
If you’re not sure your IT people taking these steps, it’s time to ask some tough questions:
✅ Do they verify every single request for system access or changes?
✅ Are they trained to spot suspicious requests?
✅ Do they have a layered approach to verification, not just relying on easily spoofed methods?
You wouldn’t let your staff make big decisions without verifying the identity of your clients, so why let your IT provider make security changes without similar checks?
Pro Drive has specifically developed its own security systems to provide a bespoke approach designed especially to meet the needs of professional and financial services firms. To find out more, and how we would protect your data, call us on 0330 124 3599 or use the form below.