The new guidance has been published by the National Cyber Security Centre (NCSC), which is a part of GCHQ. It is designed for retailers with an online presence, particularly for those which have online customer accounts, and those who are at risk of having their brand spoofed by criminals for malicious purposes:

• Authentication methods: choosing the right type: this guidance aims to help organisations select an appropriate authentication method that goes beyond passwords to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method; and
• Takedown: removing malicious content to protect your brand: this guidance provides a step-by-step guide on how an organisation can remove malicious websites which have spoofed their brand to make it seem legitimate; this can include false representation of products and services, fake endorsements, or cyber criminals using your brand in phishing campaigns.

Whilst this new guidance outlines the steps that organisations can take to protect their brand and their customers, the NCSC reminds the public that they too have an important role in helping to keep themselves and others safe online.

The NCSC’s Cyber Aware campaign encourages the public and small businesses to adopt six behaviours to protect their online accounts and devices. These are:

• use a strong and separate password for your email;
• create strong passwords using three random words;
• save your passwords in your browser;
• turn on two-step verification (2SV);
• update your devices and apps; and
• back up your data.

To read the NCSC’s press release in full and to access the new guidance, click here.