Following a number of cyberattacks on the retail sector in recent weeks, ACS is highlighting the crime guidance available on our website, which highlights the cyber security measures retailers can consider to make their business more secure.

Cybercrime is defined as a crime committed using online devices which act as both the tool to commit the crime and the target of the crime. It is an active threat to all UK businesses including the convenience sector.

Convenience retailers are encouraged to review their cyber security measures and colleague training to protect their business from cyberattacks.

Below are the security measures you should consider. This guidance is based on the National Cyber Security Centre Small Business Guide.

1. Back up your data, regardless of your business size. It is important to take regular backups of important data and ensure that these are stored separately from your computer and can be restored.
2. Protect from malware by installing anti-virus software, putting up firewalls, and keeping IT equipment updated with the latest software updates. Reduce your colleagues’ abilities to download software and control the use of USB drives in your business.
3. Keep smartphones and tablets safe by switching on password protections, keep your device and apps updated, and ensure that your device can be tracked in the case that they are lost or stolen. Avoid using unknown public wi-fi hotspots.
4. Strengthen your passwords. The NCSC advises that you choose three well-chosen random words that can be quite memorable but not easy to guess like TreeMugCar.

Retailers should also be aware of phishing emails and what these might look like. Phishing emails are reported as the most common type of cybercrime experienced by convenience retailers which pose as fake emails asking for sensitive information. You should consider the following actions:

1. Minimise colleagues’ IT interactions, giving them the lowest level of user rights needed to perform their jobs.
2. Look out for common tricks, which include sending an invoice for a service you have not used or emails that impersonate members of your team
3. Report all attacks and forward phishing emails to [email protected]. If you have been a victim of online fraud, report it to Action Fraud here.
4. Check for obvious signs in phishing emails, such as poor spelling and grammar mistakes.

You can download the full ACS guidance on cybercrime here: https://cdn.acs.org.uk/public/Crime%20Guidance%20Images/ACS%20Crime%20Guidance%202025%20Cyber%20Crime.pdf