Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: NCSC publishes guidance for retailers on authentication methods and removing malicious websites

The National Cyber Security Centre ('NCSC') announced, on 21 September 2022, that it had published guidance for retailers on choosing the right authentication methods and removing malicious websites. In particular, the NCSC noted that the two guidelines are designed for retailers with an online presence, particularly for those which have online customer accounts and those who are at risk of having their brand spoofed by criminals for malicious purposes.

Moreover, the NCSC highlighted that the guidance titled "Authentication Methods: Choosing the Right Type" helps organisations to select an appropriate authentication method that goes beyond passwords to help customers secure their accounts, such as two-step verification, OAuth, and one-time passwords, and encourages decision makers to consider the security and usability of each method. Furthermore, the NCSC emphasised that the guidance titled "Takedown: Removing Malicious Content to Protect your Brand" provides a step-by-step guide on how an organisation can remove malicious websites, having spoofed their brand to make it seem legitimate, and can include false representation of products and services, fake endorsements, or cyber criminals using the brand in phishing campaigns.

You can read the press release here, and download the guidelines here and here, respectively.