5 Top Cybersecurity Tips Every Business Needs in 2025

In 2025, even household names are not immune. When Jaguar Land Rover, Harrods, and Marks & Spencer all make headlines for cyberattacks, it underscores that no business - large or small - is off the radar of threat actors. 

• Jaguar Land Rover: In late August/early September, the automaker was hit with a crippling cyberattack that forced a shutdown of multiple UK factories and halted critical IT systems. The ripple effects spread through its supply chain, and the UK government stepped in with a £1.5 billion loan guarantee to help stabilise operations.  

• Harrods: The luxury department store recently disclosed that over 430,000 customer records were stolen via a breach affecting a third-party provider. While payment data and passwords were reportedly not compromised, the incident highlights how attackers increasingly target weaker links in supply chains. 

• Marks & Spencer (M&S): Earlier in 2025, M&S grappled with a ransomware attack that disrupted its online ordering, contactless payments, and “Click & Collect” services. The financial hit was estimated in the hundreds of millions. 

These high-profile attacks are not isolated. They reveal evolving patterns: attackers targeting supply chains, abusing third-party systems, and infiltrating critical operations to cause business disruption or data theft. 

The good news? By taking proactive steps, you can reduce the risk of attack and build long-term cyber resilience.

Here are five essential cybersecurity tips for 2025 that every organisation should put into practice. 

1. Use Strong, Unique Passwords

Passwords remain one of the first lines of defence. A weak or recycled password can grant attackers instant access to sensitive systems. Strengthen your passwords by: 

• Combining letters, numbers, and symbols. 

• Using long, uncommon phrases. 

• Avoiding reuse across accounts. 

A small change in password hygiene can make a huge difference in keeping intruders out. 

2. Enable Two-Factor Authentication (2FA)

Even the strongest password can be compromised. 2FA adds another layer of protection by requiring a code, fingerprint, or face scan in addition to your password. Rolling this out across your organisation drastically reduces the likelihood of a breach. 

3. Stay Alert to Phishing Emails

Phishing remains one of the most common - and costly - attack methods. Cyber criminals often mimic trusted senders to trick you into clicking malicious links or sharing sensitive information. It is recommended to: 

• Hover over links before clicking. 

• Avoid responding to unexpected messages. 

• Report suspicious emails to your IT team immediately. 

Vigilance is the best defence. 

4. Keep Software Updated and Use Antivirus Protection

Antivirus software actively monitors devices for threats, while regular software updates patch vulnerabilities before criminals can exploit them. Enabling automatic updates ensures you’re protected without having to think about it. 

5. Avoid Public Wi-Fi Without a VPN

Public Wi-Fi networks may be convenient, but they’re also a hotspot for cyber criminals. If you must connect, always use a secure VPN to mask your identity and protect your browsing activity. Afterwards, set your device to forget the network so it won’t reconnect automatically in future. 

Cybersecurity Is Everyone’s Responsibility 

Protecting your organisation isn’t just the IT team’s job - it’s a collective responsibility. Human error remains one of the biggest risks to security, so building a culture of cyber awareness is essential. 

That’s where ongoing cyber awareness training comes in. 

• Take the next step today and sign up for our online Cybersecurity Awareness Course at BESA Academy. 
• BESA Members can also download a Cybersecurity factsheet under 'useful guidance' here.

Equip yourself and your team with the tools, knowledge, and confidence to keep your business secure in 2025 and beyond.