Retailers face the potential threats of ransomware, malware, phishing attacks and more from cyber criminals, and a new guide developed with the aid of the National Cyber Security Centre (NCSC) aims to stop retailers falling victim to attacks.
The Cyber Resilience Toolkit for Retail has been developed by the British Retail Consortium (BRC) and the NCSC and attempts to provide a 'plain English' guide to cybersecurity for management and boards of retailers.
The nature of retailers, and the way they deal with not only financial data but personal information, has always made them a tempting target for cyber criminals. During the course of 2020, the BRC says there's been a rise in the number of online purchases, potentially providing cyber criminals with richer spoils if they conduct a successful cyberattack against an e-commerce site.
"We want to keep shoppers' data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world," said Dr Ian Levy, technical director at the NCSC.
"Cybersecurity need not be daunting. There are a number of straightforward best-practice measures you can put in place to ensure you are protecting yourself and your customers," he added.
Those best-practice measures include using strong passwords, having good cybersecurity awareness training for staff and backing up data regularly, so if a successful ransomware attack occurs, the organisation is able to restore from backups.
It's also recommended that management knows what procedures are in place and knows what to do if a cyberattack happens – and who to call if they need help.
"Last year, retailers spent over £186 million on cybersecurity, but the growth in online selling means there is an increasing threat of new cyber breaches and sophisticated hacking techniques. As a result, retailers need to ensure their systems are watertight and up to date," said Helen Dickinson, chief executive of the British Retail Consortium.
The toolkit also contains advice on areas that potential threats could come from that retailers might not have considered. These include people working from home, malicious insiders, the supply chain and legacy systems that have been forgotten about.
The guide also urges retailers to take advantage of the NCSC's Exercise in a Box – a free tool that allows organisations to test their cyber defences based on common hacking scenarios and real-life cyber incidents.