How can the NCSC’s Small Business Guide help my retail or ecommerce business?

In the last 12 months, four in ten businesses (39%) have reported cyber security breaches or attacks. This figure includes businesses from across multiple sectors as cyber criminals don’t have a preference or favourite when it comes to launching an attack.

According to data published in a report by financial auditor, Grant Thornton’s, 1 in 8 retailers faced a cyber-attack over the past 12 months. One of the reasons why cyber criminals take an interest in the retail sector is due to the level of customer data that is collected, particularly through ecommerce and online shopping platforms.


In 2018, fashion retailer SHEIN suffered a data breach that affected in the region of 6.42 million customers. Cyber criminals were able to gain access to the company’s servers and steal the personal information of SHEIN’s customers.


To help small business owners strengthen their cyber security by following simple steps and adopting basic practices, the National Cyber Security Centre (NCSC) created the Small Business Guide, which sets out five key areas for businesses to help improve their cyber security.


The Small Business Guide is part of a collection of NCSC guidance which has been reviewed and refreshed to offer up-to-date tips on implementing key security controls. This includes the Small Business Guide: ‘Actions’ resource, which breaks down the recommendations into individual steps, and our Response and Recovery guidance which outlines how to prepare, manage, resolve and report an incident if one does occur.


The five recommended areas of focus are:

1. Backing up your data: Top tips include keeping a back-up of data separate, reading our Cloud Security guidance, and backing up regularly.

2. Protecting from malware: Top tips include switching on firewalls, preventing staff downloading dodgy apps, and controlling how USBs can be used.

3. Keeping your smartphones (and tablets) safe: Top tips include making sure devices can be wiped remotely, not connecting to unknown WiFi networks and keeping device software up-to-date.

4. Using passwords to protect your data: Top tips include avoiding predictable passwords, using two-factor authentication, and changing default passwords.

5. Avoid phishing attacks: Top tips include checking for obvious signs of phishing, reporting all attacks, and testing resilience using our Exercise in a Box tool.


You can access the Small Business Guide here.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.