Citrus-Lime Knowledge Base

    Simple Cyber Tips to Keep Your Retail Business Safe

    Some best-practice guidance for cyber security

    Important Notice

    This guide is for informational purposes only and does not constitute legal or professional advice. Cybersecurity is the responsibility of each retailer, and it is essential to assess your business's specific risks and requirements. While we aim to provide general best practices below, we strongly recommend consulting a qualified cybersecurity expert to ensure your business meets appropriate security standards.

     


    Staff Training & Awareness

    Train all staff, especially those handling POS systems, customer data, or admin panels.

    Educate employees on phishing, social engineering, and recognizing suspicious links.

    Conduct regular refresher courses and simulate phishing emails to build awareness.

     


    Access Control

    Implement role-based access control (RBAC)—staff should only access what they need. You can find more about access levels in Cloud POS in the following HowTo: Managing Cashiers // Security Levels Explained.

    Ensure each staff member has an individual user account (never shared) with audit logging.

    Cloud POS also provides an optional IP Whitelisting functionality, which allows you to control access to Cloud POS by specifying which IP addresses can access the system. There is more about this in the following HowTo: How do I restrict access to Cloud POS by IP address?

    NB: whitelisting should be used with care, as it is possible to lock yourself out by mistake. We'd recommend contacting the Support Team for assistance, if required, before or after enabling whitelisting.

     


    Multi-Factor Authentication (MFA)

    Require MFA on all supported systems, including Citrus-Lime products and any other admin dashboards, email accounts, and CRM platforms.

    Use authentication apps like Authy or Google Authenticator, or hardware security keys for sensitive access.

    You can find more about MFA for Citrus-Lime products in the following HowTo: How do I set up and use 2FA for my Cloud POS group?

     


    Device Management

    All business devices (POS, tablets, staff PCs) should have:

    Antivirus software

    Automatic OS/software updates

    Remote wipe capability for lost/stolen devices

    Mobile Device Management (MDM) for company-owned mobile devices

     


    Incident Reporting Policy

    Make it easy and mandatory for staff to report security incidents or suspicious activity.

    Ensure a clear escalation process is in place for reporting threats.

     


    Network & System Setup Best Practices

    Secure Wi-Fi & Networking

    Separate guest/customer Wi-Fi from internal business networks.

    Use WPA3 encryption, strong passwords, and MAC address filtering.

    Regularly change Wi-Fi credentials and avoid using default router settings.

     


    Firewalls & Intrusion Detection

    Use hardware firewalls for all store locations.

    Deploy Intrusion Detection/Prevention Systems (IDS/IPS) like Snort or Suricata.

     


    VPN for Remote Access

    Require a secure VPN for remote staff access.

    Protect VPN access with Multi-Factor Authentication (MFA).

     


    Endpoint Protection & Patch Management

    Automate patching for all devices and systems.

    Maintain an inventory of all devices and conduct regular audits.

     


    Data Encryption

    Encrypt sensitive files and store them securely in the cloud.

     


    Backup & Recovery

    Use ransomware-resistant backup solutions and ensure regular backups.

     


    In-store Payment Security

    Ensure PCI-DSS compliance if handling card payments in store.

    Never store cardholder data directly.

    Your Citrus-Lime eCommerce website does not store or collect cardholder data directly, and only works with PCI-compliant payment partners to ensure security of payment data online.

     


    Comply with UK GDPR: collect only necessary data, store it securely by protecting your accounts with strong credentials and MFA, and allow customers to access or request anonymisation/deletion of their data.

    If you'd like to know more about anonymising data in Citrus-Lime products, you can find this in the following HowTo guides:

    Cloud POS // How do I anonymise Customer Information in Cloud POS?

    Cloud MT // GDPR & The 'Right to be forgotten'

    Customer Rewards // How do I anonymise customer information in Customer Rewards?
     

    Appoint a Data Protection Officer (DPO) if legally required.

    Register with the ICO (Information Commissioner’s Office) if processing personal data.

     


    Arrange annual penetration testing of your eCommerce website, or vulnerability assessments.

    Obtain Cyber Essentials certification—a UK government-backed scheme to guard against cyber threats and demonstrate cybersecurity commitment.

     


    By implementing these cybersecurity measures, you can better protect your retail business, customer data, and financial assets.

     
