Cyber Security in the Retail & eCommerce Sector

The Cyber Resilience Centre are committed to supporting retail and online stores in the North West region by offering a range of free guidance, industry-specific events and affordable cyber security services. Our guidance has been designed by seconded Police officers and ISO accredited Risk Managers which are aligned to the UK Government’s Cyber Essentials certification scheme and ISO 27001.

The Cyber Resilience Centre works to support retail and eCommerce businesses in Greater Manchester, Lancashire, Chester, Merseyside and Cumbria.

Just 46% of retail businesses have a cyber strategy in place - which is below the global average (52%) for all businesses. 

No retail business is too big or too small to consider its cyber security strategy, whether you have 50 customers or 100,000, the data you retain on your customers and staff is of huge value to a cyber-criminal. The threat also increases with a hybrid workforce who aren't aware of the risks when working remotely.

The Cyber Resilience Centre can provide you with regular security updates and guidance to keep them updated on the latest threats and cyber-attacks facing the retail sector.

What Threats do Retailers Face?

Online Payment Systems

Attacks on web applications such as a company’s online payment system are the most common type of attack for retail companies to suffer. Cyber attackers attempt to breach a payment system and install malicious code that can steal the credit card details of a retail store. 

Point-of-sale (POS) Attacks


POS attacks take place when malicious malware is installed on systems used to conduct financial transactions. The malware is designed to steal customer payment data, particularly credit card data from checkout systems.

Insider Threat

Often those who launch insider threat attacks are disgruntled current or ex-employees who are looking to cause trouble for the employer, whether this is financially or reputationally. These types of attacks are often less technical and are usually able to take place when access has not been revoked or when a device containing sensitive information has been stolen and published online.

Remember your Supply Chain

Your supply chain is vulnerable because it’s common for vendors to have a small security budget or knowledge than you as a retailer. Even if you as a retailer are fully compliant and secure, one vulnerable access point from your supply chain could lead to a massive problem that the retailer is ultimately responsible for.

How can the Cyber Resilience Centre help you stay secure?

We can provide a range of affordable, professional cyber security services that help you assess, build and manage your firm's cyber security capabilities, build confidence in your staff, understand your vulnerabilities and secure your business. 

You can also download our Cyber Incident Response Pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to compliment any existing plans or assist you in creating one. 

Security Awareness Training


As a business, you will regularly store, manage, and oversee valuable personal and financial data from your clients. You’re entrusted with sensitive business data and you need to be aware of the latest cyber-related risks and cyber-attacks.

Secure your Digital Footprint

We can perform a comprehensive review of publicly available information about your business. This can help you learn what is being said about your company, what account details or passwords have been leaked or if there are any damaging news stories or social media posts.

Vulnerability Assessments


It's important you test your IT system configuration with a vulnerability assessment, this assessment uses the same techniques used by hackers to ensure your company is not wide open to a cyber attack.

Cyber Health Check

We have designed a Cyber Health Check to provide eCommerce businesses with a summary of their cyber risks through a self-assessment questionnaire and police-certified recommendations report and action plan.

facebook icon.png
instagram icon.png
linkedin icon.png
twitter icon.png

Don't forget to secure your social media accounts!

Cyber attacks can be incredibly disruptive to your business, especially if you are reliant upon using Facebook’s marketplace, Instagram and Twitter to generate revenue over social media. Unsecured social media accounts reported losing £3.8 million to social media attacks between February 2020 and February 2021.


Remember to have strong passwords, your first level of protection when securing your online accounts or customer data is a strong password. Whilst complex passwords can be difficult to remember, the National Cyber Security Centre (NCSC) encourages businesses to use three random words; such as HouseForestFlower. This helps you protect against common issues like brute force attacks. This is where an attacker tries many passwords with the hope of guessing them correctly. 

Stay secure on mobile devices

To make it easy to log in, many people who don't have their settings require two-factor authentication for social media on mobile devices. Although you may not want to require a password each time you log in, you must have passwords to lock your phone and prevent unauthorized use of social media accounts. Facial recognition and fingerprint scanning are also available to keep accounts secure on mobile devices. 

The latest retail and eCommerce news

Would your business pass a Cyber Health Check?

Our Cyber Health Check is an audit of your business strengths and vulnerabilities, helping to protect your business from the latest cyber threats by filling out a self-assessment questionnaire.

The results of this three-step questionnaire help us identify the next steps you need to take to make your business secure.


We'll provide a police-certified recommendations report and plan how we can protect your business going forward.