How to avoid being hacked

16 / 05 / 2025 Written by Laser Red
robot face on a computer

Two major UK Brands Got Hacked. Here’s how to avoid being next

It’s not just any cybersecurity breach. It’s an M&S cyber-security breach.

In the wake of recent high-profile cyber attacks on Marks & Spencer and Co-op, cybersecurity is again in the spotlight.

These events are reminders that no business is immune to digital threats, regardless of size or reputation.

At Laser Red, we take security seriously internally and for our clients, which is why we have put together a list of everything you should already have in place.

We’ve also thrown in some extra measures you can take for your business to mitigate risk.

1. Prevention

What could have helped M&S and Co-op?

Whilst we don’t know every technical detail behind these breaches, publicly available information suggests social engineering and insufficient internal controls played a big role, particularly in the M&S attack.

An attacker was able to impersonate an admin user to gain access via a helpdesk request, exploiting the lack of verification protocols.

Here’s what we recommend:

  • Regular Penetration Testing: This mimics an attacker’s approach, whether they’re breaking in or already inside. These tests identify vulnerabilities before a real attacker does.
  • Malware Scanning: Continuous scanning for e-commerce malware and vulnerabilities ensures you’re not waiting for an attack to happen months later.
  • Update and Patch Management: Older plugins are one of the biggest risks for WordPress sites. A monthly maintenance package will mean proactive updates and security scans using the Wordfence plugin.
  • Content Security Policies (CSP): These defend against script injection and clickjacking. It’s complex to implement in WordPress, but it’s high on any pen tester’s checklist.
  • Cloudflare DNS: Get DDoS protection, bot filtering, and performance benefits – all for free! It’s a simple step with big returns. Or go one step further and upgrade to advanced bot mitigation, Captcha challenges, and managed Web Application Firewall (WAF) rules written by top security researchers.

2. If a breach happens

No security system is perfect, which is why a response plan is just as important as prevention. Here’s a basic outline to follow:

  • Isolate the Breach: Limit access immediately to prevent further spread.
  • Assess the Impact: What systems, data, or customers are affected?
  • Inform Stakeholders: Clients, customers, internal teams, and regulators, if needed (as per GDPR).
  • Begin Recovery: Clean infected systems, patch vulnerabilities, and reset credentials.
  • Review and Learn: Post-incident analysis is vital for improving your defences.

If you’re not sure where to start, contact our team who can support this process with both technical triage and external communications as needed.

3. How do we keep Laser Red secure?

Although we take every security measure seriously, this is a fair and responsible question that you should always be asking.

Fortunately, we maintain strict internal protocols to protect client systems and data which includes:

  • Access Controls: We use 2FA and Single Sign-On (SSO) for all internal systems. If an employee ever does leave, access is instantly revoked across all platforms.
  • High Password Standards: Protocol is in place to ensure strong passwords are always used.
  • Role-Based Permissions: Employees only have access to the systems necessary for their tasks.
  • Remote Security Protocols: Our distributed team works through secure VPNS and monitored environments.
  • Audit Trails: We log internal actions on client accounts so we can trace and address anomalies quickly.

In the unlikely event of a breach on our side, our first step is transparency. We’ll notify affected clients immediately and take coordinated action to secure systems.

Keeping you secure

Cybersecurity isn’t a set-it-and-forget-it task. It’s a living, ever-evolving strategy that evolves with the threat landscape.

If recent attacks have shown anything, it’s that both technical infrastructure and human behaviour require constant scrutiny to stay ahead of threats.

If you’d like to explore penetration testing, CSP implementation, Cloudflare setup, or enterprise-grade security scanning, let’s talk. We’re here to help protect what you’ve built.

Contact our expert team now to ensure your digital security is taken care of.