Blog

BBC

Cyberattacks feel pretty inescapable at the moment. They’ve always been there but in recent months there have been countless high profile attacks which have potentially huge consequences, including: 

• Kering (parent company of Gucci, Balenciaga, and Alexander McQueen): ‘Data linked to 7.4 million unique email addresses’ was reportedly stolen. The company confirmed the stolen data did not include any financial information (e.g. card details). However, the data did include ‘total sales’ showing how much people had spent with each brand or in stores, significantly increasing the risk of more sophisticated social engineering attacks.
• The Co-op: The malicious attack back in April (although the actors responsible suggest they were in the systems ‘long before’ being discovered), where 6.5 million customers’ data was stolen, led to empty shelves and problems with digital payments, ultimately costing the business £206 million in lost sales.  
• Jaguar Land Rover: After a cyberattack forced them to suspend production for over a month, at a reported cost of at least £50 million a week, the UK Government has underwritten a £1.5 billion loan guarantee intending to protect not only JLR employees but also their supply chain (some of which supply parts exclusively to JLR).
• Discord: Discord’s third party supplier, which helps verify users’ age, was subject to a cyberattack with bad actors obtaining approximately 70,000 users’ official ID photos (among other information). This is a timely reminder that your security is only one part of the puzzle and attention must also be given to the security of your supply chain. This attack may raise particular concerns given the number of platforms which are now processing this type of data (to bad actors an incredibly valuable commodity) for the first time to comply with requirements of the Online Safety Act. 

However, smaller businesses or even those not ‘in the spotlight’ can’t rest easy in the hope hackers won’t care about them. In fact, they may even be low hanging fruit. For example: 

• A ransomware group gained entry to KNP’s (a 158 year old transport company) systems by simply guessing a single employee’s password. Once in the system they encrypted the company’s data and locked its systems. The company couldn’t afford the ransom (estimated to be as much as £5 million) to get the data back and ultimately entered administration.  
• Threat actors also recently obtained the data of approximately 8,000 nursery children as well as their families and employees of the Kido nursery chain by ‘buying access’ to a staff computer. The hackers initially started posting profiles of children (including pictures, dates of birth, birth place, safeguarding notes, who they live with, and contact details), with threats to release more data. Unsurprisingly, this attack received a lot of negative publicity. The actors subsequently blurred images of each child, as “leadership isn’t happy with the attention that posting full images does” (as confirmed by the hackers to a BBC correspondent) but the threats to continue releasing data remained. Those behind the attack were contacting parents via email and even making ‘threatening’ phone calls saying to one parent “they would post her child’s information online unless she put pressure on Kido to pay a ransom“. The actors have since removed the posts and claim to have deleted the information. There is, however, no way to know for sure this has occurred. Previous instances have seen similar claims where ‘deleted data’ is found to have been retained or even sold. This is another reason why paying a ransom is no guarantee – for example, when the National Crime Agency ‘took down’ a gang of cyber criminals they found lots of data ransomware victims had paid to be deleted. In any event, like any information online, the data posted is now ‘out there’ and anyone may have taken copies. Nevertheless, two 17-year-old boys have now been arrested in connection with the ongoing investigation. 

It’s clear that ‘no one is safe’ and those behind these attacks show no signs of slowing down. A representative from the National Crime Agency suggests she has seen incidents double in the last two years to around 35 – 40 per week. Recent research based on a survey of over 200 cybersecurity professionals in the UK whose companies were subject to a ransomware attack between January – March 2025 also shows that the median demand is over £4 million, which could be devastating for small businesses. 

ICO’s Top Tips 

It’s, therefore, unsurprising that the ICO have issued a list of practical steps small businesses should take: 

1. Back up your data 

Data should be regularly backed up, but you also need to check it has worked/is working as intended. Equally, you’ll need to make sure the back up isn’t connected to the live data source to ensure that, if there is malicious activity, it won’t reach the back up.  

If you use an external storage device, don’t forget to (a) keep it somewhere other than your main workplace; (b) encrypt it; and (c) lock it away, if possible. 

2. Use strong passwords and MFA 

If your password is ‘password’, ‘Password1’, ‘Password123’, etc. (you get the jist), it’s probably time to update it!  Always consider strong and unique passwords which would be difficult to guess (e.g. the National Cyber Security Centre recommend picking three random words for passwords). 

Where you have the option, always consider enabling multifactor authentication (MFA). Although it may be inconvenient waiting for your code to be text/emailed, this second layer of security is always a useful measure to implement. 

3. Be aware of your surroundings

One to remember next time you want to do some work on your morning commute. It’s important to exercise caution when working out and about. Whether you’re on the phone or using a screen when people are around, sending a few extra emails is probably not worth the headache of potentially needing to deal with a security incident. 

4. Be wary of suspicious emails

It’s always important to ensure you are cautious of suspicious emails. Sometimes it may just be an odd new request, but things like bad grammar, a need to act urgently, and requests for payment are typical signs something may not be real. It’s also worth checking email addresses carefully, e.g. a capital ‘i’ (I) looks near identical to a lower case L (l).  

However, things like generative AI and spoofing technologies are enabling threat actors to become more sophisticated. A phishing email may not be as implausible as it once was or written with poor English. Equally, it could appear to come from the sender you know (see, for example, where deepfakes were used to convince someone to transfer $25 million on what they believed were the instructions of the CFO).   

5. Install anti-virus and malware protection (and keep it up to date)

Whether in an office or working from home/away, you need to ensure your devices are secure. Anti-virus software is a useful tool to protect against malware which may be sent via phishing attacks. 

6. Protect your device while it’s unattended

Whenever you are temporarily away from your desk, at least lock your screen. If you’re going to be away for longer, make sure your screens are in a secure place. An unlocked and unattended laptop in a cafe is a threat actor’s dream.  

7. Make sure your Wi-Fi is secure

Even if you’re conscious of your surroundings and locked your screen as recommended while in a cafe, if you’re using the public Wi-Fi or an insecure connection you could still be risking personal data. 

Always make sure you are using a secure connection when connecting to the internet, and if you use the cafe’s public network, it’s worth also using a secure virtual private network. 

8. Limit access to those who need it

Not everyone in the business will need access to everything, so there should be access controls to ensure people can only see the data they need to. This also needs to be kept in mind where people leave the business or if they’re absent for a long period, as you’ll need to suspend their ability to access the systems. 

9. Take care when sharing

Showing someone the wrong thing is hardly new, but it still happens. A lot. For example, you may be sharing your screen in a meeting and have tabs or documents which are confidential or include personal data open which can easily be accidentally shown. Equally, make sure notifications are turned off if you’re sharing a screen to avoid someone else sending something to you being seen by others. 

If you’re emailing lots of people which could reveal sensitive information about recipients, consider alternatives to BCC’ing them, such as bulk email or mail merge services. It’s not uncommon for people to CC rather than BCC people, but in certain contexts this could reveal sensitive, if not special category, personal data (see for example, the charity which was fined by the ICO in 2020 when they CC’d 105 members of an HIV advisory board on an email which meant people could be identified). The ICO do also have guidance on sending bulk communications via email. 

10. Don’t keep data for longer than you need it 

Not only does this limit the amount of personal information which is at risk if you are subject to an attack or there is a breach, but it will also free up storage space and is likely cheaper! 

11. Dispose of old IT equipment and records safely 

When someone leaves the business, or they get new equipment, make sure there is no personal data on the devices (whether they are laptops, smartphones, or any device) before they are thrown away. For peace of mind, you may want to consider using deletion software or engaging a specialist to wipe any data. 

Is cybersecurity a priority for your business? 

The ICO is clear that “[m]ost small businesses hold personal information and conduct business digitally, so cyber security must be a priority“. Ian Hulme (Executive Director for Regulatory Supervision at the ICO) also added that “[w]hile cyber attacks can be very sophisticated, we find that many organisations are still neglecting the very foundations of cyber security“. 

Of course, all types of organisations need to ensure their systems are resilient against complex attacks, and they are able to meet their security obligations under data protection law. However, it’s important to get the basics right too (we need to walk before we can run!). 

Equally, no system is infallible and it’s not uncommon, for example, for cyber criminals to simply buy their way in by ‘paying off’ an employee. Things do go wrong, even for small businesses, so it’s important to think about what you will do when things go wrong, before they do. It may also be worthwhile considering obtaining insurance to cover the costs of a cyberattack (although you’ll still need to have a good standard of security in place to ensure you don’t void any such insurance). 

If you’d like to discuss your security obligations or how best to mitigate the chance of and prepare for a cyberattack, or would like training for your organisation, please do reach out to your usual Lewis Silkin contact.

• In the past week, Robert Half was recognized by Forbes as one of the World’s Best Employers for 2025, an accolade based on an independent survey of more than 300,000 employees across 50 countries that measures satisfaction, culture, and global reputation.

• This global recognition underscores Robert Half’s continued investment in employee well-being and its reputation as an employer committed to professional and personal growth opportunities.

• We’ll examine how Robert Half’s global employer recognition could shape its investment narrative by highlighting employee-focused strengths and culture.

Trump has pledged to “unleash” American oil and gas and these 22 US stocks have developments that are poised to benefit.

To be a shareholder in Robert Half today, you have to believe that its reputation as a top global employer translates into long-term competitive advantages, especially as the biggest short-term catalyst remains a sustained recovery in hiring demand, while persistent pressures on revenue and margin are still the biggest risks. The recent Forbes World’s Best Employers award is a boost for the company’s employer brand, but it is unlikely to materially shift the near-term outlook given ongoing headwinds in the core business.

Among recent announcements, Robert Half continues consistent quarterly dividends, with the most recent payout of US$0.59 per share, reinforcing its focus on rewarding shareholders, even through a period of weak revenue trends. This dividend consistency may offer reassurance for some investors as they weigh the potential impact of new accolades on the company’s fundamental recovery story.

In contrast, investors should be aware of persistent revenue declines and the risk that…

Read the full narrative on Robert Half (it’s free!)

Robert Half’s narrative projects $5.9 billion in revenue and $313.2 million in earnings by 2028. This requires 1.9% annual revenue growth and a $135.1 million increase in earnings from $178.1 million today.

Uncover how Robert Half’s forecasts yield a $41.56 fair value, a 33% upside to its current price.

Five fair value estimates from the Simply Wall St Community range from US$32 to US$49,991.88, reflecting strikingly wide opinions on Robert Half’s potential. While investor confidence varies, the ongoing risk of flat or declining sales continues to be a factor in shaping expectations for the business’s trajectory, consider exploring several viewpoints before drawing your own conclusion.

Explore 5 other fair value estimates on Robert Half – why the stock might be a potential multi-bagger!

Disagree with existing narratives? Create your own in under 3 minutes – extraordinary investment returns rarely come from following the herd.

Right now could be the best entry point. These picks are fresh from our daily scans. Don’t delay:

This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.

Companies discussed in this article include RHI.

Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team@simplywallst.com

An “exciting milestone” has been reached in the development of a new medical testing centre set to open this year.

All 13 modular units which will make up the building of the community diagnostic centre at the Camborne Redruth Community Hospital have been delivered and connected.

NHS Cornwall and Isles of Scilly said internal work was now underway to complete the fit-out ahead of the facility opening to patients.

Susan Bracefield, chief nursing officer of NHS Cornwall, said: “We are excited to be opening another new community diagnostic centre for Cornwall, as part of our continued investment in delivering more services closer to people’s homes, something we know local people really value.”

She added the centre would mean more patients would benefit from faster diagnosis, shorter waiting times, and improved access to treatment.

Once operational the community diagnostic centre would provide:

• X-rays, MRI and CT scans
• Blood tests (phlebotomy)
• ECGs and respiratory checks
• Endoscopy services

Geoff Searle, chief executive of InHealth, added: “This is an exciting milestone in the South West CDC programme.

“Expanding this model of healthcare in the South West will bring real benefits to local patients, improving health outcomes through greater access, capacity and choice.”

NHS Cornwall said the hospital site already had strong public transport links but would see an additional 22 new parking bays to ensure easy and convenient access for patients and visitors.