National Cyber Security Centre
NCSC launches package of support to help retailers protect themselves and their customers online
New guidance for retailers on choosing the right authentication methods and removing malicious websites.
- NCSC publishes tailored advice to support online retailers, hospitality providers, and utility services protect themselves and their customers from cyber criminals
- Guidance encourages organisations to add extra layer of security on top of passwords to authenticate customers
- Organisations also advised on what steps they should take if their brand has been spoofed online
Organisations across the UK will for the first time have access to tailor-made advice on how to keep their customers and their brand secure from cyber criminals.
The new guidance has been published by the National Cyber Security Centre (NCSC), which is a part of GCHQ. It is designed for retailers with an online presence – particularly for those which have online customer accounts – and those who are at risk of having their brand spoofed by criminals for malicious purposes:
Authentication methods: choosing the right type helps organisations to select an appropriate authentication methods that go ‘beyond passwords’ to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method.
Takedown: removing malicious content to protect your brand provides a step-by-step guide on how an organisation can remove malicious websites which have spoofed their brand to make it seem legitimate. This can include false representation of products and services, fake endorsements, or cyber criminals using your brand in phishing campaigns.
NCSC Deputy Director for Economy and Society Sarah Lyons said:
“Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited.
“Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so.
“Following this guidance will allow businesses to help keep their customers safe online as well as protecting themselves from potentially crippling cyber attacks.”
The buyer authentication methods and takedown guidance are the latest additions to a suite of advice offered by the NCSC to help organisations of all sizes to better protect themselves and their customers.
Whilst this new guidance outlines the steps that organisations can take to protect their brand and their customers, the public are also reminded that they too have an important role in helping to keep themselves and others safe online.
The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:
- Use a strong and separate password for your email
- Create strong passwords using 3 random words
- Save your passwords in your browser
- Turn on two-step verification (2SV)
- Update your devices and apps
- Back up your data
The public are also encouraged to forward any suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org , and to forward any suspicious text messages to 7726.
The UK Government is committed to driving down the volume of cyber crime and recently launched a nationwide, 8-week long, Call for information. This public consultation will seek views from individuals and businesses on how to reduce the hacking of online accounts and personal data, and what extra steps digital service providers can take to prevent cyber attacks, such as those covered in this new guidance.
Latest News from
National Cyber Security Centre
Leading women in tech urge schoolgirls to take on the UK's flagship cyber security contest27/09/2022 11:15:00
Registration opens for the CyberFirst Girls competition 2023.
UK and allies expose Iranian state agency for exploiting cyber vulnerabilities for ransomware operations21/09/2022 09:15:00
Joint advisory highlights threat from cyber actors affiliated with Iran’s IRGC.
Her Majesty Queen Elizabeth II and GCHQ20/09/2022 09:05:00
We reflect on Her Majesty's long association with GCHQ and the NCSC.
Potential phishing activity update14/09/2022 11:15:00
The National Cyber Security Centre warns about potential scams during the period of national mourning.
GCHQ mourns the death of Her Majesty The Queen09/09/2022 15:25:00
Director GCHQ, Sir Jeremy Fleming, offers deep condolences to the Royal Family.
NCSC CEO appears at major US cyber security summit09/09/2022 14:15:00
Lindy Cameron discussed cyber security at the 13th Billington Cyber Security Summit in Washington.
UK condemns Iranian state-linked actors for cyber attack against Albania08/09/2022 12:15:00
The UK has attributed a series of cyber attacks on Albanian government infrastructure to Iranian state-linked actors.
Cyber security experts team up to protect UK construction projects23/08/2022 11:05:00
New guidance to support UK construction projects has been jointly published between the NCSC, CPNI and BEIS.