NCSC helps retailers protect themselves and their customers online
Image courtesy NCSC
The guidance is designed for retailers with an online presence – particularly for those which have online customer accounts – and those who are at risk of having their brand spoofed by criminals for malicious purposes:
Authentication methods: choosing the right type helps organisations to select an appropriate authentication method that goes ‘beyond passwords’ to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method.
Takedown: removing malicious content to protect your brand provides a step-by-step guide on how an organisation can remove malicious websites which have spoofed their brand to make it seem legitimate. This can include false representation of products and services, fake endorsements, or cyber criminals using your brand in phishing campaigns.
NCSC Deputy Director for Economy and Society Sarah Lyons said: “Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited.
“Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so.
“Following this guidance will allow businesses to help keep their customers safe online as well as protecting themselves from potentially crippling cyber attacks.”
The buyer authentication methods and takedown guidance are the latest additions to a suite of advice offered by the NCSC to help organisations of all sizes to better protect themselves and their customers.
Whilst this new guidance outlines the steps that organisations can take to protect their brand and their customers, the public are also reminded that they too have an important role in helping to keep themselves and others safe online.
The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:
- Use a strong and separate password for your email
- Create strong passwords using three random words
- Save your passwords in your browser
- Turn on two-step verification (2SV)
- Update your devices and apps
- Back up your data
The public are also encouraged to forward any suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk and to forward any suspicious text messages to 7726.
The UK Government is committed to driving down the volume of cyber crime and recently launched a nationwide, eight-week long, 'Call for information'.
This public consultation will seek views from individuals and businesses on how to reduce the hacking of online accounts and personal data and what extra steps digital service providers can take to prevent cyber attacks, such as those covered in this new guidance.
