Following the discovery of an attempted hack, The Co-op have been forced to shut down parts of their IT system. On the 29^th of April, a letter was sent out to members of staff that as part of measures taken to “keep systems safe”, access to some systems had been “pre-emptively withdrawn”. It is not expected that this’ll impact customers directly, with only back office and call centre services being slightly impacted.

A Co-Op spokesperson said: “We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.”

This action from The Co-op demonstrates a clear commitment to ensuring that their systems remain secure, with detection likely occurring before any significant damage can be done. This comes shortly after a cyber incident involving Marks & Spencer, which has led to many stores being left with empty shelves, while they try and recover from the attack.

These incidents demonstrate two things:

• It is vital to have the appropriate security measures in place on all systems. While the cause of either incident is still unknown, having the highest level of security appropriate for each system will reduce the probability of hackers gaining unauthorised access to systems and devices.
• The importance of taking quick and effective action in these situations. While The Co-op is experiencing a small level of inconvenience from system access being withdrawn, the impact is no where near as devastating as what could have happened if the hackers continued to have access.

If you have concerns about how well protected your systems are, below are a few simple steps that you can take that have significant benefits:

• Ensure a form of multi-factor authentication is present on all systems. No matter how complex they are, passwords should be supplemented with a second form of authentication. This means that if an unauthorised individual somehow finds out your password, there are still roadblocks in place preventing them from gaining access.
• Correctly decommission all unused accounts. When an account for a system is no longer required, it is important that it is either decommissioned or deleted. These accounts often act as easy access for hackers, as it is much harder for you to detect that they are being used. This is especially important for things such as email addresses, as these can often be used to gain access to a wide range of company systems.
• Update software and systems to the latest versions. Modern software is constantly being updated to patch security vulnerabilities. This means that to remain as safe as possible, you’ll need to be on these latest versions. Updates are usually quick and can be run in the background.

If you suffer a data breach. It’s vital that you act quickly. To see how PRIVACY HELPER could aid in your breach management and response, take a look at our Data Breach Management page.