top of page

Big league, big money, bigger cyber threats

Why Nottingham Forest’s promotion delivers a financial boost for local businesses and why, subsequently, those businesses should now boost their cyber security.

On Sunday, May 29, Nottingham Forest secured a return to the Premier League after a 23-year absence thanks to victory over Huddersfield Town in the Championship play-off final at Wembley.

The win will not only boost the club’s coffers to allow them a chance to compete with the elite, but away from football, sectors such as tourism, transport and particularly hospitality will also get a major cash injection from having a club in the top flight of English football.

It's previously been stated by Nottingham City Council that the city alone will get a boost of around £120m because of the result, along with an extra 100,000 visitors.

Indeed, Forest's run this season has already brought a much-needed hoist to the hospitality sector which continues to recover from the financial impact of the pandemic. And it will strengthen local businesses going forward, say those in the hospitality industry.

Scott Knowles, chief executive of East Midlands Chamber - a member of our Advisory Group - told Nottinghamshire Live:

"Celebrations won’t have died down yet (they may never die down!) among Nottingham Forest fans, who will be looking ahead to life back in the Premier League after a fantastic season that has galvanised the city. And while winning the Championship play-off final is said to be worth £170m, the rewards for the local economy will go much further.
"Football is the world's most-watched sport and the Premier League is the most popular national club competition, so playing in the top tier is another opportunity to put the Nottingham name on a global stage once again. At a time when the city is seeking inward investment for some exciting regeneration projects, this will certainly do no harm in elevating its international profile.
"More generally, a successful sports team creates a healthy atmosphere across the whole area, bringing with it significant positive economic consequences, not least for the hospitality businesses and transport networks that have endured a tough period over the past couple of years. Being back in the top flight for the first time in 23 years also offers the prospect of different clubs' fans visiting Nottingham, perhaps for the first time - boosting the local economy via spending in pubs, hotels, restaurants and shops, but also enhancing the city’s wider reputation as a destination.
"But promotion is also about much more than that. Nottingham Forest is woven into the city and county's fabric, and having its Premier League status restored after more than two decades creates a huge sense of pride for its community."

But while many business owners in the hospitality sector can smile about the prospect of extra business, there is a cautionary tale, and it’s up to us to tell it.

Scammers, fraudsters and cyber criminals could be lurking, aware that pubs, bars and hotels will be potentially welcoming more customers and guests. And where there’s money, there is risk to a business from cyber criminals looking to exploit them, and caution should therefore be entertained.

But it’s not just about the business, it’s about the customer and their cyber security, too.

So let’s look at the threats…


If hackers find a way into a business’s systems, they can paralyze it, and demand a princely sum to unlock it. Choosing to pay the ransom may or may not release the system from the hacker’s grasp (although usually they do let go, but may return knowing that a business is vulnerable or susceptible to part with funds) but that’s a huge slice of cash drained - cash which has been absent for so long throughout the pandemic.

Another option is to fix it, and rebuild the system with stronger safety measures built in. But this can take time, and it’s hard for a business to operate during this period meaning there's the potential of a temporary closure.

Point of Sale (POS)

With cash increasingly becoming a last resort for customers when it comes to purchases, pubs, clubs, restaurants and hotels rely heavily on point-of-sale (POS) terminals for their transactions.

Weak remote access security is the main risk here, but it was discovered recently that human intervention could prevent compromises simply by setting secure passwords, and not just settling for ‘Password01’ (still the most commonly-used password even now), easy-to-remember passwords or - worse - leaving the device configured with the default password.

This can give hackers easy access into the system to plant malware.


Many businesses will have an on-site record of payroll details for their employees, banking information, vendor information etc. To protect all of this, secure measures need to be firmly in place.

If, for example, an employee’s details are accessible to hackers, they can find ways to fraudulently use those details in an attempt to access their money. Elsewhere, vendor data may be used to create forged invoices.

Consumer risk

Phishing emails, fake websites or fictitious social media accounts can lure customers into a false network where cyber criminals lurk.

Customers who subscribe to newsletters or promotions like discount codes for restaurants and special offer promos from hotels may not spot that the email or digital communication is fake, hence opening the door to fraudulent activity.

Indeed, just recently, a pub in Derbyshire was forced to post on their official Facebook page about a bogus Facebook page masquerading as them. This fake page was enticing customers to book on a range of events happening at the pub. These events were actually happening, but any bookings for them via this fake page would have gone to the fraudsters and not the pub. The bogus page, to the unassuming eye, looked genuine, and was fooling enough people that the pub had to take action.

Phishing emails can also look genuine, and are therefore deceptive and dangerous, as they may ask for payments or encourage the recipient to visit a fake website.

However, there is often a tell-tale sign that it’s fake. Maybe the offer they are so desperate to award you with looks too good to be true, in which case, it probably is.

Look at the URL, or link. Does this look right? There could be a misspelling, albeit very slight. Hovering over a link will show the real URL. If it doesn’t match what you were expecting, don’t click it. Meanwhile the type face or font could also be slightly different from the official brand’s.

If you run a business in the hospitality sector and are concerned about cyber criminality, or want to be kept up-to-date with emerging threats, we can help. Registration to our core membership is absolutely free. For all membership options visit our website.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page