
Why your small retail or wholesale business needs cyber protection
Read time: 6 mins Added: 09/05/2025

In collaboration with Norton
This article is developed in collaboration with Norton – one of the leading cyber safety providers, offering antivirus and device security plans.
Cybersecurity basics
Retail and Wholesale is one of the five sectors most vulnerable to cyber threats1. From compromised customer data to financial losses, regulatory penalties, and reputational damage, a single cybersecurity breach can significantly impact your business. Find out what makes your business vulnerable and how to protect it from cyber criminals.
The aim of cyber criminals is to gain unauthorised access to your business’ devices, networks, and programs, and use that access to steal sensitive information and extort money. In a retail environment, this could mean stealing your customers’ data, accessing your online store’s backend, or impersonating your business to defraud your customers. In wholesale, it could involve gaining access to sensitive supplier or order data or manipulating payment details.
Beyond the immediate disruption to operations, such as halted sales, delayed orders, or compromised inventory systems, there can be significant financial losses and reputational damage. For many small businesses operating on tight margins, the impact of a cyber attack can be difficult to recover from, and in some cases impossible2.
Cybersecurity is all about protecting those same devices, networks and programs, and the data they hold. Whether you run a retail store, sell online, or operate as a wholesaler, cybersecurity is essential to keeping your business safe and secure.
Could your small retail or wholesale business be at risk of a cyber attack?
The cybersecurity breaches we tend to hear about are the big ones: when a large business’ customer data has been compromised, or its normal operations have been seriously disrupted. These attacks make the news, but rarely – if ever – destroy the business.
The cyber attacks we don’t hear about are the ones that affect small businesses. Yet they often have more devastating effects than the headline-grabbing stories. In fact, in the UK alone, 60% of small organisations go out of business within six months of a cyber attack3.
Cyber criminals are well aware that most small businesses don’t have an in-house cybersecurity expert. They know that in a small business, there’s less of a budget for enterprise-grade security technology, and that IT practices may be less strict and less secure. And that means the criminals have more opportunities to gain unauthorised access.
Targeting a small business won’t provide them with such large returns as attacking a large one. But the likelihood of success is much greater, and the opportunities more numerous – simply because there are so many small businesses (90% of businesses worldwide are classed as ‘small’). So those smaller returns quickly add up, with very little risk involved.
The good news is that effective cybersecurity for a small business doesn’t have to be a big challenge. With the right combination of tools, technologies, and practices, just a few small steps can secure your business and deter the criminals.
Where does it all go wrong?
In retail specifically, Point-of-Sale (PoS) systems have historically been a target, especially when left outdated. However, the threat landscape has shifted. While PoS attacks remain a risk for physical stores, phishing, ransomware, and platform-based exploits are common across both retail and wholesale operations.
Nowadays, you couldn’t operate your business without digital technology. Even if it’s just one PC, you would be lost without it. And the more technology you use, the more you come to rely on it – and the more vulnerable you are to cyber risks and threats.
This is especially relevant for e-commerce business owners, who depend heavily on digital systems to manage customer data, process payments, and run daily operations. The constant exchange of sensitive information makes them attractive targets for cyber criminals.
Cyber risks range from ransomware and phishing to social engineering attacks – you can discover what these and other cybersecurity terms mean in our cyber glossary. It’s not just criminals who are threatening your business – the way your business operates and the technologies you use can also present cybersecurity vulnerabilities. It’s important to consider the following in terms of how your business operates:
Bring Your Own Device (BYOD) policy
Do you or your employees ever work on personal devices – smartphones, tablets, or laptops – at home, on the shop floor, or in the back office? If they do, it can seriously compromise your business’ security.
Personal devices are often used in insecure locations on insecure networks (in coffee shops or airports, for example). So, they are far more vulnerable to being hacked than business-only devices used on the business’ secure network. Also, when personal devices are used for non-business purposes, such as gaming, it is easy for an employee to unwittingly download malware. This then has access to attack the rest of your business network.
Working from home
Remote working is becoming more common across retail and wholesale operations, especially for staff managing online stores, marketing, or inventory systems from home. But even though most small businesses are used to the idea, their cybersecurity – and employees’ awareness of the risks – may not have caught up. So working away from the office can make even dedicated business devices more vulnerable to cyber threats.
For example, used at home, those devices may be shared with non-authorised people, such as family members who may access less than safe websites, introducing ransomware or viruses onto the machine. Legitimate business information and data may be accessed through unsafe networks – such as public wi-fi. And dangerous emails received out of the office may avoid spam filters or be opened inadvertently – compromising sensitive business information and exposing your business to risk.
Cloud applications
Cloud technology has transformed retail and wholesale operations from inventory management to customer relationship tools, but it also has introduced new risks.
Although information stored in the cloud is generally secure, if attackers get hold of stolen credentials they can gain access and exploit the information however they want. Alternatively, they may gain access through insecure Application Programming Interfaces (where programs or devices are communicating with each other). The more sophisticated cyber criminals specifically target cloud environments and use public cloud services to operate cyber attacks.
And using the cloud may lull a business into a false sense of security that there is no need to back-up data. Yet if the data is permanently lost, it can be catastrophic.
What steps can you take to protect your business online?
There are several relatively easy and inexpensive things you can do to address the vulnerabilities. Together, they could save your business.
Antivirus
Installing and monitoring antivirus on all devices to secure every point of entry.
Regular vulnerability scans
Regular scans ensure that antivirus, passwords, and any other software are up to date.
Email encryption
End-to-end encryption directly on user devices ensures information only ends up in the right hands.
Secure authentication
There are several ways to achieve this, but password policies and multi-factor authentication are some first steps.
Secure employees anytime, anywhere
Provide a VPN connection to remote workers to secure access to organisations data and applications.
Security awareness and training
Educate employees on practices that protect themselves and your organisation, such as recognising scams and creating strong passwords.
Enforceable processes and policies
Make sure everyone knows how to keep the business safe. Establish clear direction regarding what data needs protecting and how.
Backup and disaster recovery
It prevents you from losing sensitive and valuable data in case of accident or emergency.
As a minimum requirement, your business needs an antivirus, online and offline back-ups and network monitoring. Fortunately, your small business has the advantage of being able to act quickly to get cybersecurity in place. With specialised cybersecurity protection products, such as Norton Small Business, you can get comprehensive cybersecurity protection for your business' devices and the passwords, customer data, and financial information you store on them.
- Statista – Distribution of cyberattacks
- Shopify – Retail Cybersecurity in 2025: Trends, Risks, and Solutions
- Made in Britain – UK small businesses hit hardest by cyber attacks

Norton Small Business can help protect you
Through our collaboration with Norton, you can get special discounts on Norton Small Business plans and benefit from an extended 60-day free trial.
While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by Bank of Scotland for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. Specific advice should always be sought in each instance.