From Cold Calls to Cyber Security — And What to Watch When Working from Home

Hi, I’m Clint, founder of C-Sure Consulting. In this week’s edition of C-Shorts, I’m exploring how everyday decisions about our data connect with much bigger questions of cyber security and supply chain resilience...

🍟 Fries, Free WiFi, and a False Alarm

I stopped off at a McDonald’s on the way home from a business event the other day, and I wanted to download a podcast for the rest of the drive. The mobile signal was weak, so I connected to the free WiFi. To do that, I had to input my name, email address, and phone number into their online form. I was a bit annoyed, but I figured that a company the size of McDonald’s would be responsible with my data, and I made sure I hadn't ticked or unticked any of the wrong boxes...

Later that same day I got a phone call. 'Hello, is that Mr Clinton Spencer?' the voice said, 'I’m calling about life insurance…' I remember feeling my stomach drop. I was convinced that McDonald's had sold my personal data!

I went straight to McDonald’s UK privacy policy (after the fact, but it was way too long to read at the time — do they do that on purpose so you don't read it, or am I being too cynical?). Anyway, there was actually nothing in there that suggested my number would have been passed on for telesales calls. Apparently, there was no chance my details could have been sold as their policy is quite clear on that: 'We won’t sell your data to third parties. Ever.' Although they do share your data with suppliers and advertising partners (Meta, Google, Snap, X) for online ads, which still feels like a lot of information to be giving away for a bit of free WiFi if you ask me. So it was probably just a coincidence. But I still wanted to do something about it...

The silver lining here is that I did find a solution: register with the Telephone Preference Service (TPS) either online or by texting 'TPS' and your email to 85095. It may not block 100% of nuisance calls, but I haven't had one since.

There is no doubt that these telesales people get their data from somewhere, and I had definitely noticed an increase in the amount of calls I have been getting before I registered with TPS, so it pays to be extra vigilant wherever you input your personal data. And ask yourself, do I really need to log on to the free WiFi at all? Just one slip can lead to something much worse than unwanted calls... 💥 Breaches, Brands & Broken Chains

That thought was still in my mind when I started reading about the recent wave of cyber attacks affecting airports and supply chains. Over the past week, check-in systems at major European airports were knocked offline after ransomware hit a widely used software platform. Flights were delayed, baggage systems jammed, and airlines had to revert to manual check-in just to keep planes moving. Quite scary that aviation, which has to be one of the most safety-conscious industries, can be thrown into such chaos by a single piece of software.

Not long before that, luxury fashion supply chains were breached by hackers who stole not only customer names and addresses but also sales data, including how much each person spent. Imagine how targeted the phishing emails could be with that level of detail.

And then there’s Jaguar Land Rover. A cyber attack took down their IT and production systems, halting factory operations and causing a domino effect through their suppliers. Some smaller suppliers are now under real financial pressure, with the government even considering stepping in to buy parts to stop them going under. It’s a stark reminder that a single breach can hit not just the company attacked, but hundreds of businesses around it. Whether it’s airports, fashion houses, or car manufacturers, a single digital weak point can ripple across entire industries. 📊 Cyber Security Statistics 2025

These stories are not outliers. The latest Cyber Security Breaches Survey shows that nearly half of UK businesses experienced a breach or attack in the past year.

Despite this, only around one in four businesses have board-level responsibility for cyber security. For the rest, it’s still seen as an IT problem rather than a business-critical priority. And while people are the first line of defence, only around one in five businesses provided cyber security training to staff in the past year. Without regular awareness training, employees are left exposed to phishing, social engineering, and credential theft — still the most common causes of breaches.

My take on the report is that the threat is growing faster than the response. Breaches are becoming more frequent, yet leadership involvement and staff training are actually declining. It’s a gap that businesses need to close quickly if they want to protect operations and keep their supply chains running. You can read the full report here: Cyber Security Labour Market Survey and Sectoral Analysis 2025: Key Findings 🏠 Home Comforts, Hidden Risks If we think about risk just inside the office walls, we are missing half the picture. Remote work has made our networks bigger, more complex, and harder to defend. Home routers are often left with default passwords and outdated firmware. Personal and work devices share the same network. Smart speakers, TVs, and other gadgets create new entry points for attackers.

There’s also something about working from home that can make us less cautious. When an email comes through late on a Friday afternoon asking you to reset a password or pay an invoice, there’s no colleague sitting nearby to check it with. Social engineering thrives in that isolation.

I know from my own experience that when I’m working from home, especially late in the day, it’s tempting to just click through things quickly. That’s exactly when the risk is highest, and attackers are smart enough to know this is when our attention is at its lowest. And without regular reminders, security habits slip. People reuse passwords, ignore software updates, or use personal devices for business files. I’ve seen reports that as many as one in five organisations have experienced a breach linked to remote work. The convenience is great, but you need to be aware of the risks. Small, thoughtful habits reduce these risks, good training keeps teams alert, and shared responsibility across your whole supply chain helps everyone recover faster when an attack happens. If this all feels overwhelming, you don’t have to tackle it alone. In the UK, your local Cyber Resilience Centre is a brilliant resource. They provide funded support, guidance, and practical steps to help small businesses improve their cyber resilience. You can find your nearest Cyber Resilience Centre here: Find Your Nearest CRC

🤝 Let’s Keep Connected This week’s reflections have reminded me that cyber resilience is as much about people and behaviour as it is about firewalls and software. For me, it’s about building habits that protect my business and my clients, and keeping things as simple as possible, so it's easy to stick to them.

What about you? Do you feel confident about your cyber security right now, or is it somewhere on your to-do list?

Have you had a near miss or a wake-up call that changed the way you approach security at work or at home?

I’d love to hear your thoughts. Please comment below or contact us directly. Until next time...

💡 C-Sure Shortcut of the Week

Pause, Protect, Proceed

Think before you click; it can be the difference between business as usual and a full-blown breach.