This week, another cyber attack was reported by BBC investigations. This time, a Northamptonshire transport firm, Knights of Old, established 158 years ago, collapsed after a ransomware gang exploited a weak password. The attack led to the failure of recovery defences and the deletion of critical backups, ultimately sealing the company’s fate and resulting in the loss of around 700 jobs.

Why this matters to your business

It’s tempting to dismiss such events as ‘that sort of thing only happens to big firms’, but the reality is stark. Across UK businesses, cyber resilience is no longer optional.

This single incident exposes a cascade of security failings: a weak password, no multi-factor authentication, no locked‑down VPN, inadequate backup protection, and a lack of zero‑trust architecture. Defeat at every level.

If your MSP hasn’t recommended and implemented these steps, speak to us

1. Password hygiene is just the beginning
   Reusing passwords, or relying on ‘Password123’, is a serious vulnerability. All user and admin accounts must use strong, unique, and complex passwords. Password managers should be standard practice across every organisation.
2. Implement Multi-Factor Authentication (MFA)
   MFA is non‑negotiable. It blocks attackers even if passwords leak. Protect all remote access, email accounts, and critical systems with MFA-enabled login.
3. Back up securely, and off‑site
   Backups are worthless if they’re accessible or deletable by attackers. Use immutable, off‑site backups that cannot be altered. Regularly test restoration processes to ensure business continuity.
4. Adopt a zero‑trust mindset
   Assume breaches will happen, segment your network, restrict privileges tightly, and verify every login. This stops attackers from moving laterally if one account is compromised.
5. Train staff and simulate breaches
   Habitual password errors often begin with human behaviour. Regular phishing drills, enforced secure password habits, and scenario-based incident simulations help staff recognise threats before they escalate.

A plea to business leaders

Knights of Old believed they were compliant with ‘industry standards’, yet that was clearly not enough. Security is not a bolt-on. It’s a business-critical discipline.

Without budget, strategy or awareness, you’re not only risking data, you’re risking livelihoods. Clients, vendors and stakeholders expect more than insurance or bare-compliance. They demand real, demonstrable trust in your cybersecurity posture.

In the end

The demise of a 158‑year‑old company, sparked by a single weak password, should serve as a wake‑up call. Cybersecurity isn’t some IT luxury; it’s the backbone of operational resilience, reputation and continuity. As an MSP, our role is critical: help our clients secure their future before they become another casualty – speak to us.