The Booksellers Association of the United Kingdom & Ireland Limited
53% of all crime against retailers is now linked to cyber security.   The British Retail Consortium, (of which the BA is a member, has produced an excellent 44 page Cyber Security Tool Kit. 

The Tool Kit outlines the risks to retailers and then talks about what you might consider within your own businesses:
How to prevent

There is also a series of checklists:
Questions for the Board
Questions for Communication Directors
Guidance for SMEs

Although this Tool Kit has guidance for businesses of all sizes, it is pitched more at larger retailers, especially with the focus on the need before any breach to develop a whole host of contingency plans. 
Checklist for small and medium sized retailers

Mindful of this, we have worked with specialist advisers to produce a simpler check list for our SME members.  Here are our 12 suggestions:
  1. Install the latest software and app updates.  They contain vital security upgrades which help protect against viruses and hackers.
  2. Run Windows Update.
  3. If you are using Microsoft software, it is important that you apply all Microsoft patches and updates and that you only use supported Microsoft operating systems to limit your own vulnerabilities. XP and Vista are no longer supported.
  4. Use proper anti-virus software services.
  5. Make sure your AntiVirus product is up to date and run a scan.
  6. Use strong and separate passwords for your key accounts, including email and online banking.  Use three random words to make a strong and memorable password.
  7. Never disclose security details such as passwords or PINs.
  8. Back up essential data at regular intervals.  You can't be held to ransom for data you hold somewhere else.
  9. Just because someone knows your basic details, it doesn’t mean they are genuine.  If there is something you are not sure about  - do not open it.   Please look at the address that is purporting to send you the e-mail.  If it reads (for example) something like:    From: Tim Godfray ( then it may not be from me!  Be careful with e-mails including links.  Our advice would be to go directly to a website rather than click on a link.
  10. Provide staff with access to simple, freely-available cyber security training.
  11. Conduct a cyber security risk assessment for your business.
  12. Seek accreditation through the Government-endorsed ‘Cyber Essentials’ scheme.
Further information