Top tips for the retail sector to build cyber resilience

Updated: Feb 10

Calling the retail sector in the East of England.

Do you know how to build your business’s cyber resilience?

Do you know what cyber resilience is?

Cyber resilience is the ability to get your business up and running after suffering a cyber-attack, as well as putting practices in place to prevent the attacks from succeeding.


With over 90% of businesses receiving phishing emails, it is no longer a case of “if” your business gets attacked; you need to be thinking about what you are going to do “when” your business gets attacked.


Top Tips to Building Resilience:

  1. Ensure all your staff are using strong passwords. This means that they are unique – not used across multiple platforms – and not easily guessable.

  2. Consider providing a password manager for your staff. They remember just one strong password and the password manager remembers the rest. Watch our short video to find out more.

  3. Enable two-factor authentication (2FA) wherever possible, but specifically on any social media site, emails and anywhere you have payment details. This means that if your staff’s usernames or passwords are released, criminals still won’t be able to access the account. You can find more about 2FA here.

  4. Have offline backups and test the recovery of them. Companies falling victim to ransomware still pay criminals even though they have backups because they have never tested them, and then when they need the data the most, they find that they can’t recover.

  5. Ensure you have anti-malware on all devices, including your phones.

  6. Train your staff to recognise common phishing attacks and how to report them. Phishing attacks are the most common form of cyber-attack, and your staff can be your weakest link or your strongest defence, but only if they know what to look out for and what to do. The ECRC can provide bespoke Staff Awareness Training through our affordable student services.

  7. If you have a website, get a web app vulnerability assessment. This will look at whether your site is secure from the most common cyber-attacks against it.

  8. Install software updates as soon as possible. Once an update is released, criminals also know about the vulnerability it fixes and will craft attacks specifically for known vulnerabilities.

  9. Have an incident response plan and test that it will help when the worst happens. You can find a free template plan to get you started here.

  10. Join the Eastern Cyber Resilience Centre. It’s free, and you will be kept up to date with the latest threats to your business as well as guidance, support and direction to free tools and services, and access to our affordable student services which can help with vulnerability assessments and staff awareness training amongst other services. Sign up now.

Why would they attack my business? I have nothing they want!

Criminals want data. Payment details, customer information, even shopping habits can be valuable to someone. Or maybe they want to take over your social media accounts to send phishing messages to your customers who will become further victims. Ultimately if they can make money from something they will try to.


But I’m too small to be a target!

Sorry, but you’re not. Even if you only have a Facebook account, you are a target for criminals. Most criminals will use automation to find vulnerabilities, so it is not about your size, it’s about your exposure.


I think I need help

The ECRC is here for you, for free. Our members receive regular updates which include the latest guidance, news, and security updates. Our weekly emails break down cyber controls into easy-to-understand bitesize chunks.


The ECRC is a policing-led, not for profit, membership organisation, with the aim to increase the cyber resilience within small and medium businesses within the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex and Kent).


You can contact the Cyber Resilience Centre for guidance and support by e-mail at enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

Policing led - business focussed.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.