NCSC releases Cyber Regulations for Merchants

The National Cyber Security Centre (NCSC) of the UK has given specific guidelines and regulations to assist shops, accommodation establishments, and utility services in preventing both themselves and their clients from the consequences of cybercrime.

The regulations are targeted mainly at businesses with an online presence, specifically those that use online customer accounts and those who face the danger of having their brand imitated by malicious users.

“Online shopping is broader, which makes it better, but unfortunately there are potential risks of shoppers’ accounts being hacked," stated Sarah Lyons, the Deputy Director for economy and society at the NCSC.

Businesses have a significant role to play in safeguarding online shoppers. As a result, new guidance has been implemented to help them do so. The guidance measures allow businesses to ensure their customer's safety online and protect themselves from cyber-attacks.

The guidance emphasises adding extra layers of security after set passwords. Different layers of security, such as OAuth 2.0 or single sign-on, multi-factor authentication (MFA), FIDO2, or one-time passcodes. The regulations also stressed the importance of considering security and the usability of individual authentication methods during the implementation process.

With an illustration of how it works,

Customers may be reluctant to buy from an online store if they need to purchase an additional device. FIDO2 tokens, which are in the form of USB keys, will not be advisable. Whereas it gives step-by-step guidance on how to remove, enabling hosting providers to remove fraudulent websites that make their brand appear legit, which may include false displays of products or services and fake reviews as a means of phishing.

Coupled with the advice, the NCSC sounded a general reminder to the public that they also have a role to play when protecting themselves online.

As a guideline, the public was encouraged to seriously adhere to the six safety set out in its ongoing Cyber Awareness:

- Use a separate and strong password for all email accounts

- Created passwords should be strong using the NCSC’s Three Random Words methodology

- Passwords should be saved in the browser

- MFA should be switched when made available

- All applications and devices should be up to date

- Companies should frequently back up data

The Office for National Statistics (ONS) estimated computer misuse offences were happening in the UK at 1.6 million within 12 months to 31 March 2022. It also saw an 89% rise from 2020, which shows that there is still an increasing cybercrime problem in the UK.

The government is dedicated to reducing such offences, from unauthorised access to systems or hacking to digital fraud. The NSDC recently launched a piece of information as it thrives on developing new proposals to arrest the growth.

Positive actions are carried out to address the problem, measures to be taken to address the problem, and full responsibility for doing so. The Home Office is conducting consultations by creating alternatives for inputting the risks associated with unauthorised access to UK citizens' data and online accounts. The consultation talks would last until 27 October 2022.