July 2025: Cyber Security
On Monday 14th July, Harrogate District Chamber of Commerce held a successful meeting, focussing on the business critical topic of Cyber Security.
Held at the Cedar Court Hotel, Harrogate, the event was designed to equip local business owners and directors with the knowledge to navigate the ever-evolving landscape of digital threats.
Following the usual period of open networking, Chamber President Phill Holdsworth welcomed attendees and extended thanks to the staff at Cedar Court for their hospitality.
In our monthly charity slot, we heard an update about Harrogate Theatre's community initiatives, including their charitable status, venue hire options, upcoming behind-the-scenes tours with cream tea, and an upcoming pantomime horse race fundraiser!
Martin Mann, Chief Executive, also briefly referenced a recent well-attended and positive meeting held by the Chamber with North Yorkshire Council leaders.
The core of the evening's discussion then shifted to the critical subject of cyber security, with presentations from experts.
Chamber member, James Naylor from Infosecurity People started the discussion by exploring why hackers hack, identifying money as the primary driver, alongside intellectual challenge, the desire to create chaos, and political motivations. He stressed that all businesses, regardless of size, are targets because their information and intellectual property is highly valuable. James then detailed cyber breach trends, revealing that 20% of breaches exploit "zero-day" vulnerabilities, 22% involve credential abuse, and a concerning 88% of small and medium-sized business (SMB) breaches involve ransomware, with 36% of victims paying the ransom, often leading to a second attack. He highlighted that 30% of breaches originate from third-party suppliers and noted the increasing use of AI by hackers to craft sophisticated phishing emails. James showed a powerful video of a ransomware infection, showing just how quickly a system can be compromised.
We then heard from Steve Leach from the North East Business Resilience Centre (NEBRC) - a police-led non-for-profit organisation that provides 24/7 cyber security support to SMEs. Steve shared insights into understanding cybercrime and the NEBRC's role. He discussed how the NEBRC acts as a modern crime prevention unit, collaborating with police, academia, and businesses to improve cyber resilience, often utilising ethical hacking students to test business security.
Steve challenged common misconceptions like "I'm too small to be a target" and emphasised that cybercrime is simply a modern method for criminal activity. He shared key cybersecurity statistics, noting that 43% of businesses suffer a cyber incident within a 12-month period, with 85% originating from phishing emails. He also touched on the low adoption of Cyber Essentials certification and multi-factor authentication, and explained how data loss can occur through non-cyber means like sending emails to the wrong recipient. Steve further stressed the importance of robust password security, advocating for unique, complex passwords and recommending password managers.
Finally, Chris Dickinson from ASE Computers concluded the presentations by focusing on the human element and practical protection strategies. Chris emphasised that people are consistently the weakest link in security, often initiating breaches through social engineering tactics that exploit time pressure, distraction, and conformity. He shared real-world examples of financial losses due to scams, including individuals being defrauded of significant sums via phone and email. Chris then detailed the Cyber Essentials framework as a fundamental government-backed scheme capable of mitigating about 80% of common threats through five key controls: secure configuration, boundary firewalls & Wi-Fi, access control (using standard user accounts), patch management, and comprehensive internet security software. He also advised on implementing incident response plans, conducting regular security awareness training, establishing robust backup strategies, and testing restore times, underlining that the ultimate responsibility for business security rests with the owner.
Adding further practical perspectives to the discussion, Chamber Chief Executive Martin Mann drew on his professional experience in his own IT business, Martin Mann IT to highlight critical vulnerabilities. He pointed out that new starters in a business are often "fresh meat for the hackers." These individuals, excited about a new role and updating their professional LinkedIn profiles, are quickly identified by criminals who then craft convincing scams, such as requesting the purchase of gift vouchers via text, posing as a senior executive. Martin emphasised that such scams exploit the new employee's eagerness to help and their unfamiliarity with internal processes.
Later in the evening, during the Q&A, Martin reinforced advice on robust password management. He stressed the importance of setting up a password manager, noting that these tools can reveal just how many compromised passwords an individual might unknowingly be using across various accounts. Crucially, he advised attendees to always safeguard emergency backup codes for password managers, ideally by printing them out physically. This ensures access even if primary devices are lost or two-factor authentication is inaccessible, preventing individuals from being locked out of their digital lives.
The meeting then moved on to Chamber member news, as we welcomed a new member, Fernando from Vets 4 Pets, who introduced his practice.
Paul from Ake & Humphris announced upcoming wine-tasting and networking events, including a Speakeasy bar experience on 24th July, and a Business Networking event celebrating National Cheese and Wine Day on 25th of July.
Michael from St. Michael's Hospice highlighted upcoming fundraising opportunities, including their Midnight Walk on the 13th September and the Big Harrogate Sleep Out on the 2nd October.
The evening concluded with Phill Holdsworth thanking all attendees and speakers, reiterating the value of member feedback via Mentimeter.
He closed by looking ahead to August’s member-exclusive social, organised in conjunction with Harrogate BID, and to be held on 11th August at The Mayfair Roof Terrace. Chamber members can register their place using the link below. https://www.harrogatechamber.co.uk/events
The overall message of the evening reinforced that while the cyber threat is serious, implementing fundamental protective measures can significantly enhance a business's resilience.
Useful resources
North East Business Resilience Centre
Free Cyber Security Membership from The Business Resilience Centre: https://www.nebrcentre.co.uk/core-membership-sign-up/
Small Business Guide to Cyber Security: https://www.ncsc.gov.uk/collection/small-business-guide
10 Steps to Cyber Security: https://www.ncsc.gov.uk/collection/10-steps
Check if your email address has been in a data breach: https://haveibeenpwned.com
