Cooperative staff were ordered to keep cameras during remote work sessions and verify all attendees as the company handles ongoing cyberattacks.
In an internal email to 70,000 employees of supermarkets, functio services and insurance companies, workers were urged to stay alert as IT teams work to ensure hackers are not in their systems.
The description says, “Don’t record or transcription team calls.”
This is because supermarket Marks & Spencer (M&S) struggles with major ransomware attacks. It is not clear whether hacks are linked.
Cybersecurity consultant Jen Ellis said the email said the co-op was concerned about the existence of hackers.
“Reminding employees to keep cameras during a conference call is a way to keep the work going while making sure everyone is really the person they claim to be and that no surprise is taking the call.”
The co-op said Wednesday it had shut down part of its IT system in response to hackers trying to access.
It said “positive measures” are being taken to resist the attack, which has had a “small impact” on its call center and backend.
But internal emails show that the company has turned off all remote access.
There is no internal application that requires a VPN (virtual private network) to log in from home, and if you need access to a work tool, you can tell the workers to go to the cooperative location.
They are also urged not to post any sensitive information to team chats and report any suspicious messages or emails.
ITV News first reported internal emails and was confirmed by the co-op to the BBC.
The cooperative insists that cyber attacks are under control and that all measures are “proactive.”
In the past, cybercriminals have visited internal company messaging systems, including Uber and Rockstar games, to monitor communications and post-ransom requirements.
This type of strategy was used by a group called Lapsus$, which consists of teenagers in English - two of whom were arrested and convicted in the UK in 2023.
The attack on the M&S is linked to a potential spin known as the Scacted Spider, which was hit by high-profile hacks at MGM Grand Casino and Transport London (TFL).
As part of TFL's response to its cyber attack, all employees must report to the security team in person to ensure that hackers are completely kicked out of the IT system.
The incident that weakens M&S is a ransomware attack using Dragonforce cybercrime service.
Metropolitan Police confirmed it is studying M&S's cyberattack.
“Detectives from the Metropolitan Cyber Crime Department are investigating,” it said in a statement.
M&S also reported it to the National Cybersecurity Center (NCSC).
The BBC understands that the human body urges other retailers to remain alert but does not consider retailers a specific goal.
A spokesman for the NCSC said: “NCSC is often associated with the entire organization with regard to cyber threats facing the UK and regularly reminds them of the steps they can take as resilient as possible.”