New cyber guidance for retailers

News article

Advice for retailers on choosing the right authentication methods and removing malicious websites

The National Cyber Security Centre (NCSC) has published tailored guidance designed to support retailers, hospitality providers and utility services in protecting themselves and their customers from the impact of cyber crime.

The guidance is specifically designed for any organisation with an online presence, but particularly for:

  • organisations that employ online customer accounts
  • organisations at risk of having their brand spoofed by malicious actors

The guidance recognises that passwords remain the default method of authentication for a huge range of services, both at work and at home. However, accounts authenticated by passwords alone are known to be vulnerable to attack and so, in some cases, alternative authentication models may be more suitable.

The NCSC's new guidance on authentication methods will help you explore alternative models for authentication such as:

  • two-step verification
  • OAuth
  • FIDO2
  • magic links
  • one-time passwords

In addition to protecting your users' accounts, the NCSC also recommends that you consider measures that protect your brand from being exploited online through, for example:

  • false representations of your products or services
  • fake endorsements
  • your brand being used in phishing or malware to make attacks look credible

The NCSC's new takedown guidance tells you how to go about removing malicious content such as phishing sites. Typically, you can:

  • contact hosting companies and domain registrars yourself, requesting that the service be withdrawn
  • use a takedown provider who can manage this process on your behalf

Whichever method you choose, removing malicious websites that are exploiting your reputation to defraud the public is key to protecting your brand.

First published 7 October 2022