Weak Password Allowed Hackers to Sink a 158-Year-Old Company
You may have seen the BBC Panorama episode which was shown earlier this week about cybercrime.
The programme followed the story of KNP, a 158-year-old Northamptonshire transport company, where one password was all it took for a ransomware gang to destroy the company and put 700 people out of work.
However, KNP is just one of thousands of UK businesses that have been hit by cyberattacks, with big names such as M&S, Co-op and Harrods among the many others affected.
In KNP’s case, it’s thought the hackers managed to break into the computer system by guessing an employee’s password. Once logged in, they encrypted the company’s data and locked its internal systems – leaving staff unable to access any of the data needed to run the business.
The only way to get the data back, said the hackers, was to pay a ransom. The hackers didn’t name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m. KNP didn’t have that kind of money. In the end all the data was lost, and the company went under.
Watch the BBC Panorama episode on iPlayer >
What can be done to help protect your business?
☝️Use Multifactor Authentication
Multifactor authentication (MFA) is an extra layer of security that makes it harder for hackers to attack and gain unauthorised access to your email account.
When you sign into your online accounts, you have to prove you are who you say you are, in order to gain access. Traditionally you have done this by inputting your username (or email address) and a password.
Unfortunately, this is not enough anymore. Usernames are easy to find or guess (especially if yours is your email address), and people tend to pick simple passwords or use the same password on multiple sites to make things easier for themselves (anyone using password1 still?).
This is why most online services including banks, social media, shopping, and your Microsoft 365 account, have added Multifactor Authentication to make your account more secure.
We add MFA for FREE to all of our customers with Microsoft 365 email accounts.
You can find out all about MFA on our blog post here >
🔑 Use YubiKeys
A YubiKey is a key-sized device, similar in size to a USB memory stick, which you can plug into your laptop or PC as a multifactor authentication (MFA) method. YubiKeys can also be used with mobile devices.
YubiKeys can work with business and home software, especially logins to Microsoft, Google and Meta (Facebook, Instagram) services.
But instead of reaching for your phone to open an authenticator app or approve a login, you can simply touch the YubiKey to verify and you’re in. Once an app or service is verified, it can stay trusted. It’s that easy.
YubiKeys offer the most secure passkey authentication approach that accelerates the move towards a passwordless future, and stops account takeovers in their tracks.
You can read more about YubiKeys on our website here >
🔏 Use a Password Manager
Use a password manager to securely store and manage your passwords. A password manager lets you store all your passwords in one easily accessible place. Instead of trying to remember each password, you can rely on the manager to keep them secure.
Some internet browsers, such as Edge and Chrome, have password managers built in. Smartphones have them too. These let you store your passwords and access them when you need to (usually with an MFA method attached), or they can autofill a stored password when you try to log in to an account.
There is also dedicated password manager software that can be used on multiple devices, which can give you more flexibility.
Using a password manager allows you to use unique and complex passwords for each online account without having to remember them all. Cybercriminals often exploit reused passwords, so having unique passwords for different websites is crucial for security.
Find out more about password managers here >
In conclusion
There were an estimated 19,000 ransomware attacks on UK businesses last year, according to the government’s cyber-security survey. However, statistics are hard to come by because companies don’t have to report attacks or whether they have paid a ransom.
With industry research suggesting the typical UK ransom demand is about £4m and that about a third of companies simply pay up, businesses need to do everything they can to ensure they do not become another statistic.
To learn more, please get in touch >