The Booksellers Association of the United Kingdom & Ireland Limited
53% of all crime against retailers is now linked to cyber security. The British Retail Consortium (of which the BA is a member, and on whose Policy Board I sit) has produced an excellent 44-page Cyber Security Tool Kit.

The Tool Kit, inter alia, outlines the Risks to Retailers and then talks about what you might consider within your own businesses:
  • How to prevent
  • Prepare
  • Respond
  • Recover
  • Review
There is also a series of Check Lists:
  • Questions for the Board
  • Questions for Communication Directors
  • Guidance for SMEs.
 
This can be downloaded from here or obtained from me in PDF format.
Although this Tool Kit has guidance for businesses of all sizes, it has to be admitted that it really is pitched more at the larger retailers, especially with its focus on the need to develop a whole host of contingency plans before any breach.
 
Check list for small and medium sized retailers

Mindful of this, we have worked with specialist advisers to produce a simpler check list for our SME members.  Here are our 12 suggestions:
  1. Install the latest software and app updates.  They contain vital security upgrades which help protect against viruses and hackers.
  2. Run Windows Update.
  3. If you are using Microsoft software, it is important that you apply all Microsoft patches and updates and that you only use supported Microsoft operating systems to limit your own vulnerabilities. XP and Vista are no longer supported.
  4. Use proper anti-virus software services.
  5. Make sure your anti-virus product is up to date and run a scan.
  6. Use strong and separate passwords for your key accounts, including email and online banking.  Use three random words to make a strong and memorable password.
  7. Never disclose security details such as passwords or PINs.
  8. Back up essential data at regular intervals.  You can't be held to ransom for data you hold somewhere else.
  9. Just because someone knows your basic details, it doesn’t mean they are genuine. If there is something you are not sure about, do not open it. Look at the address that is purporting to send you the e-mail. If it reads (for example) something like: From: Tim Godfray (igor@spammer.ru) then it may not be from me! Be careful with e-mails that include links. Our advice would be to go directly to a website rather than click on a link.
  10. Provide staff with access to simple, freely-available cyber security training.
  11. Conduct a cyber security risk assessment for your business.
  12. Seek accreditation through the Government-endorsed ‘Cyber Essentials’ scheme.
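
The sender check in item 9 can also be automated by whoever looks after your e-mail. The following is an added example, not part of the BRC Tool Kit or the BA check list; the address book, the `example.org` domain and the `check_sender` function are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (an assumption for this example): display names
# staff expect to see, mapped to the domain that person really sends from.
KNOWN_SENDERS = {"tim godfray": "example.org"}

def check_sender(raw_message, known=KNOWN_SENDERS):
    """Classify the From header of a raw e-mail as ok, suspicious or unknown."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return "suspicious", "no usable sender address"
    domain = addr.rpartition("@")[2].lower()
    # A display name that is itself a different e-mail address hides the
    # real sender from readers whose mail program shows only the name.
    if "@" in name and name.strip().lower() != addr.lower():
        return "suspicious", f"name shows {name!r}, real address is {addr}"
    expected = known.get(" ".join(name.lower().split()))
    if expected is None:
        return "unknown", f"{addr} is not a listed contact"
    if domain == expected or domain.endswith("." + expected):
        return "ok", addr
    return "suspicious", f"{name!r} normally writes from {expected}, not {domain}"

# Constructed sample messages; the second mirrors the example in item 9.
SAMPLES = [
    "From: Tim Godfray <tim@example.org>\nSubject: Toolkit\n\nHello",
    "From: Tim Godfray <igor@spammer.ru>\nSubject: Invoice\n\nClick here",
    "From: A Customer <reader@example.net>\nSubject: Order\n\nHi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

A verdict of "unknown" only means the name is not in the address book; it still calls for the care described in item 9.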
Further information

www.cyberaware.gov.uk/toolkit
www.cyberaware.gov.uk/protect-your-business
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
www.takefive-stopfraud.org.uk
 
I hope you find this information to be useful.