How to protect your personal and financial data from cyber attacks
M&S and the Co-op are the latest retailers to suffer from cyber hacks but consumers also need to be vigilant


High profile cyber hacks at Marks & Spencer and the Co-op in recent weeks have created plenty of inconvenience for customers.
Investors have been hit, with the M&S share price falling since its cybersecurity incident, but it is not just your portfolio that you should be worrying about.
Experts warn that individuals, as well as retailers, need to take data protection seriously otherwise you could be putting sensitive financial information at risk and leave yourself open to scams.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE

Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Marijus Briedis, chief technology officer at NordVPN, said: “In the short term, customers face delayed transactions, in-store or online outages, reduced availability of products and an overall poor shopping experience.
“More significantly, these attacks can expose sensitive customer data — including payment information, contact details, and purchase histories — depending on which systems are compromised."
Data protection firm Yubico’s recent State of Global Authentication survey found that respondents’ most commonly compromised passwords are on the apps and services that hold their most confidential, financial and personal information.
Its regional director for the UK and Ireland Niall McConachie said: “While the onus remains on retailers to step up their security, consumers must also apply caution and take action to enhance their data security, in turn protecting their sensitive financial data.”
Here is how to protect your financial data from the risks of cyber hacks.
The importance of strong passwords
Most online activity nowadays requires a password that isn’t too easy to guess. Experts advise against using the same password for different accounts.
Briedis says this is often the first line of defence against a hack, adding: “If one password gets leaked in a breach, you don’t want it to open the doors to your email, bank, and shopping accounts all at once. Avoid birthdays or easily guessed passwords and consider using encrypted password vaults to store them safely if you can’t remember them all.
“Two-factor authentication (2FA) is one of the simplest, most effective tools available. It can block the majority of unauthorised access attempts — even if someone has your password. “This usually involves having access codes sent to your mobile phone when trying to log in via a website.”
Consumers can also use multi-factor authentication such as your fingerprint or face-scan, which will be specific to you and your device.
Update devices
Computer updates may be slow and inconvenient but old software is easier to hack.
Briedis added: “Cybercriminals love exploiting old software, so keep all of your devices and apps updated. This is especially important if the affected companies have issued updates to help protect your data."
The risks of public wi-fi
If you are working from a coffee shop or out at the pub, free public wi-fi can be attractive.
But be careful about the data you share and apps you access.
Briedis said: “Public networks are a hotspot for data interception.
“One very simple rule to follow is to avoid online banking or inputting payment details over public Wi-Fi, unless you’re using a virtual private network (VPN).
“It’s not about avoiding online shopping altogether — it’s about being smart. Stick to trusted retailers, check for HTTPS, and avoid saving your card information if possible."
Limit how much you share on social media
It may be fun to share your latest birthday or anniversary celebrations online but this can also supply hackers with useful personal information.
Siobhan Blagbrough, financial crime manager at Ocean Finance, said: “Social media is a goldmine for criminals looking for personal info to guess passwords or security questions.
“Think twice before posting your pet’s name, school details or your birthday - all common password choices.”
Stash some cash
The recent power outages in Europe highlight the risk of an over-reliance on technology such as online shopping or contactless payments.
Simon Phillips, managing director at the travel money specialists No1 Currency, said:
“Most of us take card and contactless payments for granted, and the technology is great - right up until the moment it stops working.
“The cyberattacks on M&S and the Co-op, and the nationwide power outages in Spain and Portugal, turned millions of people’s smartphones into expensive paperweights and left them with only one way to pay for things - cash.
“Cash sometimes has an image problem. While many people use it every day and cash usage has surged following the cost of living crisis, some still see it as a bit low-tech.
“But keeping some cash in your purse or wallet is common sense. It’s easy to use, there are no hidden charges and you can always rely on it if digital payments go down.
“Card and contactless payments are useful, practical and safe. But they rely on tech infrastructure that is fallible, and this is why you should always keep some cash as a back-up, both in Britain and especially when you’re travelling abroad.”
Stay ahead of the hackers
It is important to be aware of the different ways a hacker may target you.
Cyber attacks don’t just occur by stealing data in a hack.
Some hackers may use artificial intelligence tools to trick you into thinking you are dealing with a relative, friend or someone from your bank to send money, especially if they have already accessed your personal details online.
Louise Cockburn, information security culture manager at Quilter, said: “These scams can use any messaging channel, including phone calls, WhatsApp messages, LinkedIn, even voice notes using faked voice software.
"As such, it is vital to always check that any person you are dealing with is who you think they are. If you are unable to verify it in person, you will be able to validate it through a separate and verified channel. It can also be helpful to agree a code word with trusted financial advisers or your loved ones in advance so that you can verify who you are speaking with.
“You should always avoid downloading any remote desktop software, particularly if you have been contacted out of the blue as attackers may use this to try and gain access to your computer.”
Track your data
Keep an eye on your bank statements for any suspicious transactions that may suggest your card has been cloned or that your financial details have been stolen.
Useful tools such as Have I Been Pwned will also tell you if your email address appears in any data breaches.
Credit monitoring services such as Experian and Credit Karma will also have services you can sign up to that alert you if your credit report changes, while some security tools such as McAfee can tell you if your details appear on the dark web.
Sign up for MoneyWeek's newsletters
Get the latest financial news, insights and expert analysis from our award-winning MoneyWeek team, to help you understand what really matters when it comes to your finances.

Marc Shoffman is an award-winning freelance journalist specialising in business, personal finance and property. His work has appeared in print and online publications ranging from FT Business to The Times, Mail on Sunday and the i newspaper. He also co-presents the In For A Penny financial planning podcast.
-
How Avios points work: how to collect and spend them
Avios points offer worthwhile rewards for the savvy traveller. We explain how to collect, keep track of, and make the most of your Avios points
-
Unilever braces for inflation amid tariff uncertainty – what does it mean for investors?
Consumer-goods giant Unilever has made steady progress simplifying its operations. Will tariffs now cause turbulence?