New guidance for retailers on choosing the right authentication methods and removing malicious websites.

• NCSC publishes tailored advice to support online retailers, hospitality providers, and utility services protect themselves and their customers from cyber criminals
• Guidance encourages organisations to add extra layer of security on top of passwords to authenticate customers
• Organisations also advised on what steps they should take if their brand has been spoofed online

Organisations across the UK will for the first time have access to tailor-made advice on how to keep their customers and their brand secure from cyber criminals.

The new guidance has been published by the National Cyber Security Centre (NCSC), which is a part of GCHQ. It is designed for retailers with an online presence – particularly for those which have online customer accounts – and those who are at risk of having their brand spoofed by criminals for malicious purposes:

• Authentication methods: choosing the right type helps organisations to select an appropriate authentication method that goes ‘beyond passwords’ to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method.
• Takedown: removing malicious content to protect your brand provides a step-by-step guide on how an organisation can remove malicious websites which have spoofed their brand to make it seem legitimate. This can include false representation of products and services, fake endorsements, or cyber criminals using your brand in phishing campaigns.

NCSC Deputy Director for Economy and Society Sarah Lyons said:

“Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited.

“Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so.

“Following this guidance will allow businesses to help keep their customers safe online as well as protecting themselves from potentially crippling cyber attacks.”

The buyer authentication methods and takedown guidance are the latest additions to a suite of advice offered by the NCSC to help organisations of all sizes to better protect themselves and their customers.

Whilst this new guidance outlines the steps that organisations can take to protect their brand and their customers, the public are also reminded that they too have an important role in helping to keep themselves and others safe online.

The Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:

• Use a strong and separate password for your email
• Create strong passwords using 3 random words
• Save your passwords in your browser
• Turn on two-step verification (2SV)
• Update your devices and apps
• Back up your data

The public are also encouraged to forward any suspicious emails to the NCSC’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk , and to forward any suspicious text messages to 7726.

The UK Government is committed to driving down the volume of cyber crime and recently launched a nationwide, 8-week long, Call for information. This public consultation will seek views from individuals and businesses on how to reduce the hacking of online accounts and personal data, and what extra steps digital service providers can take to prevent cyber attacks, such as those covered in this new guidance.