The United Kingdom National Cyber Security Centre (NCSC) has published a customized guide designed to help retailers, hospitality providers, and utilities protect themselves and their customers from the impact of cybercrime.
The guide is designed specifically for organizations with an online presence, and in particular those that employ online customer accounts, and those that may be at risk of having their brand spoofed by malicious actors.
“Online shopping is bigger than ever, and that’s a welcome thing, but unfortunately it comes with the risk of shoppers’ accounts being exploited,” said Sarah Lyons, NCSC deputy director of economics and society. “Businesses have an important role to play in protecting shoppers online, which is why we’ve put together a new guide to help them do just that. Following this guidance will enable businesses to help keep their customers safe online, as well as protect themselves from potentially devastating cyberattacks.”
The guide emphasizes the need to add layers of security beyond passwords, such as multi-factor authentication (MFA), OAuth 2.0 or single sign-on, FIDO2, or one-time passcodes.
It highlights the importance of considering both security and usability of each authentication method during the implementation process and the interaction of those factors with the user base.
For example, a customer may be reluctant to purchase from an online store if they need to purchase an additional device to do so, so FIDO2 tokens, which often take the form of USB keys, will not always be appropriate.
The guide also offers step-by-step instructions on how to remove, or have hosting providers remove, malicious websites that spoof a brand to appear legitimate, which may include misrepresentations of products or services, false recommendations or reviews, or use as phishing lures.
Along with its guidance, the NCSC reminded the general public that they too have an important role to play when it comes to protecting themselves online.
As a first step, it encouraged people to take to heart the six foundational lessons laid out in its current Cyber Aware campaign:
- Use a separate, strong password for email accounts;
- Create strong passwords using the NCSC’s Three Random Words methodology;
- Save passwords in your browser;
- Activate MFA when available;
- Keep devices and applications up to date;
- Back up data.
With the Office for National Statistics (ONS) putting the number of UK computer abuse crimes at 1.6 million in the 12 months to 31 March 2022, an 89% increase from 2020, it is clear that there is still a growing cybercrime problem in the UK.
The government is committed to reducing such crimes, which range from unauthorized access to systems or hacking, to digitally enabled fraud and sexual and stalking offences, and recently launched a call for information seeking to develop new proposals to stop this growth.
The consultation, which is run through the Home Office, seeks information on the risks associated with unauthorized access to UK citizens’ online accounts and personal data; actions currently being taken to address the problem; and actions that should be taken to address it further, and where the responsibility should lie to do so.
The consultation will last until October 27, 2022, and more information on how to participate can be found here.