National Cyber Security Centre
NCSC launches package of support to help retailers protect themselves and their customers online
New guidance for retailers on choosing the right authentication methods and removing malicious websites.
- NCSC publishes tailored advice to help online retailers, hospitality providers, and utility services protect themselves and their customers from cyber criminals
- Guidance encourages organisations to add extra layer of security on top of passwords to authenticate customers
- Organisations also advised on what steps they should take if their brand has been spoofed online
Organisations across the UK will for the first time have access to tailor-made advice on how to keep their customers and their brand secure from cyber criminals.
The new guidance has been published by the National Cyber Security Centre (NCSC), which is a part of GCHQ. It is designed for retailers with an online presence – particularly for those which have online customer accounts – and those who are at risk of having their brand spoofed by criminals for malicious purposes:
- ‘Authentication methods: choosing the right type’ helps organisations to select appropriate authentication methods that go ‘beyond passwords’ to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method.
- ‘Takedown: removing malicious content to protect your brand’ provides a step-by-step guide on how an organisation can remove malicious websites which have spoofed their brand to make it seem legitimate. This can include false representation of products and services, fake endorsements, or cyber criminals using your brand in phishing campaigns.
NCSC Deputy Director for Economy and Society Sarah Lyons said:
“Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited.
“Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so.
“Following this guidance will allow businesses to help keep their customers safe online as well as protecting themselves from potentially crippling cyber attacks.”
The buyer authentication methods and takedown guidance are the latest additions to a suite of advice offered by the NCSC to help organisations of all sizes to better protect themselves and their customers.
Whilst this new guidance outlines the steps that organisations can take to protect their brand and their customers, the public are also reminded that they too have an important role in helping to keep themselves and others safe online.
The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:
- Use a strong and separate password for your email
- Create strong passwords using 3 random words
- Save your passwords in your browser
- Turn on two-step verification (2SV)
- Update your devices and apps
- Back up your data
The public are also encouraged to forward any suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at email@example.com, and to forward any suspicious text messages to 7726.
The UK Government is committed to driving down the volume of cyber crime and recently launched a nationwide, 8-week-long Call for information. This public consultation will seek views from individuals and businesses on how to reduce the hacking of online accounts and personal data, and what extra steps digital service providers can take to prevent cyber attacks, such as those covered in this new guidance.