As a business owner, keeping your Shopify or BigCommerce store data secure is essential. Your store data is more than just information — it’s your whole business. Understanding how to protect the products, orders, customer lists, and everything else that makes up your online store can make or break your business.
Use Stronger Passwords & 2FA
Sometimes the simplest solution is the best one. When we’re looking into amping up security for your store, the best place to start is to elevate the security features you already have — like your password.
These days, every password needs to be 8 characters with one letter, one number, one capital, one lowercase, one symbol… It’s just too much. Modern passwords are hard to remember and easy to crack. So how do we solve that?
There are two simple ways to increase your password security.
Longer = Stronger
We often assume that we put so much work into our passwords so they won’t be guessed, but when our passwords are hacked, it’s often a password hacking tool that does all the work. In order to minimize your chances of having your passwords stolen, the best thing you can do is make it harder for hackers to steal them.
Simply put, a longer password decreases your chances of being hacked. Modern passwords are a lot like combination locks. The more digits, the more combinations there are, and the harder they get to guess. Using a passphrase is a great way to increase the length of your passwords without making them impossible to remember.
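The combination-lock comparison above can be put into numbers. The following Python sketch is an added example, not part of the original article: it measures the search space of a password in bits and builds a passphrase with a cryptographically secure random generator. The 32-word list is a constructed sample, the 7776-word figure is the size of a Diceware-style list, and the guessing rate is an assumption.

```python
import math
import secrets

# Constructed sample list for illustration; a real Diceware-style list
# has 7776 words, which is what the comparison below assumes.
SAMPLE_WORDS = [
    "amber", "basket", "candle", "drift", "ember", "fable", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "anchor", "breeze", "copper", "dapple", "fennel", "glacier", "hazel",
]

def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when each of `length` positions is picked uniformly
    at random from `choices` options (the 'digits on the lock')."""
    return length * math.log2(choices)

def make_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words with the OS CSPRNG; never let a human choose them."""
    return sep.join(secrets.choice(words) for _ in range(count))

def years_to_search_half(bits: float, guesses_per_second: float = 1e10) -> float:
    """Average time to guess: half the search space at an assumed rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)

def compare():
    """Search space of a short complex password versus longer passphrases."""
    cases = {
        "8 random printable characters": entropy_bits(94, 8),
        "4 random words (7776-word list)": entropy_bits(7776, 4),
        "5 random words (7776-word list)": entropy_bits(7776, 5),
        "6 random words (7776-word list)": entropy_bits(7776, 6),
    }
    return {k: (round(b, 1), years_to_search_half(b)) for k, b in cases.items()}

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS, 5))
    for label, (bits, years) in compare().items():
        print(f"{label:34s} {bits:5.1f} bits  ~{years:.3g} years")
```

These figures hold only when every character or word is chosen at random; a password a person invents has far fewer real combinations than its length suggests.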
A password manager tool takes the hassle out of creating and remembering secure passwords. With just one master password, you can create, save, and autofill your passwords wherever they are required. We’re such a fan of the added security of password managers that our favorite, 1Password, is required for Rewind employees.
Set Up 2FA
Two-factor authentication, or 2FA, helps ensure that you’re protected by adding a second layer of security to your online data. When you sign in to your account, you’ll be asked for a one-time code that is sent to you by email or SMS text message, or generated by an authenticator app.
So if worse comes to worst and your password is somehow stolen, 2FA makes sure you’re still protected. It creates a two-part system; your password is something you know, while your 2FA is something you have. The combination of the two keeps your data secure.
Out of the three options (email, SMS, or an app), the most secure option is the authenticator app. When so many of us are guilty of using the same password for multiple sites, if someone already has your email address, they might already have your password too. SMS text messages are generally secure, but some fraudsters have taken up a practice called SIM Swapping that allows them to temporarily steal your phone number and any codes that might get sent to it.
But with an authenticator app, the code is stored locally on your device. No one can steal it, and only you have access to it. With this method, the only way to break into your account is to crack your password, find you, steal your phone, break into your phone, and then get the code from your app. Not even hackers have the time for that.
Manage Who and What Has Access to Your Store
Every person or app you give access to your store is another possible breakpoint. It’s important to be intentional about how and when you give anyone permission to access your store.
Update Your User Access and Permissions
Most of us do our best to hire great people. But something we tend to forget (or just don’t want to admit) is that even the best people can make mistakes. No one is perfect.
When you have a team of people, you want to make sure that they have all the tools they need in order to get their job done as quickly and efficiently as possible. But once you’ve given people access to your store, do you remember to change or revoke their permissions if they leave?
When we think of malicious or targeted attacks, we often think they come from professional hackers, but there’s a real risk of those attacks coming from unhappy employees looking to get back at the business for one reason or another. The best thing you can do to prevent this is to regularly audit the list of who has access to your store, and what permissions they have.
And for the employees you do have, make sure they only have the permissions they need in order to get their job done. Setting the right access limitations allows your team to do their job without the risk of mistakes beyond the scope of their role. That way if anything does go wrong, they can handle it and you don’t have to be the one to clean up the mess.
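The audit described above can be run as a repeatable check. This Python sketch is an added example, not part of the original article and not a Shopify or BigCommerce API: the staff records, field names, role names and permission strings are all hypothetical, constructed to show the two findings the text calls for, access left behind by people who have gone and permissions beyond what a role needs.

```python
# Hypothetical least-privilege baseline: what each role needs to do its job.
ROLE_BASELINE = {
    "fulfilment": {"orders:read", "orders:write"},
    "marketing": {"products:read", "discounts:write"},
    "owner": {"*"},  # wildcard: the owner is allowed everything
}

# Constructed staff export; field names are assumptions for this example.
STAFF = [
    {"email": "ana@example.com", "role": "fulfilment", "employed": True,
     "permissions": {"orders:read", "orders:write"}},
    {"email": "ben@example.com", "role": "marketing", "employed": True,
     "permissions": {"products:read", "discounts:write", "customers:export"}},
    {"email": "cy@example.com", "role": "fulfilment", "employed": False,
     "permissions": {"orders:read"}},
    {"email": "dee@example.com", "role": "owner", "employed": True,
     "permissions": {"*"}},
]

def audit(staff, baseline):
    """Return (email, finding) pairs for accounts that need attention."""
    findings = []
    for account in staff:
        email = account["email"]
        if not account["employed"]:
            # Anyone who has left should have no access at all.
            findings.append((email, "revoke: no longer on the team"))
            continue
        # An unknown role has an empty baseline, so everything it holds is flagged.
        allowed = baseline.get(account["role"], set())
        if "*" in allowed:
            continue
        extra = account["permissions"] - allowed
        if extra:
            findings.append((email, "excess: " + ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for email, finding in audit(STAFF, ROLE_BASELINE):
        print(f"{email}: {finding}")
```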
Be Selective With the Apps You Install
One of the best things about running an online store is the ability to customize your experience through apps and tools. But just like with people, access to your store is a privilege, not a right.
The best way to find out if an app is good or not is to ask the people who use it. Read any reviews you can find, particularly any one-star reviews. People are most honest when they’re unhappy, and if you’re able to spot themes in those reviews, it can help you understand what you’re getting into if you decide a certain app is essential for your business.
It’s also important to see what your apps can edit and change in your store. At Rewind, we’ve seen instances of buggy apps deleting entire product catalogs. Read up on what your apps have access to so you know what might be affected if anything goes wrong.
Back Up Your Store — Automatically
A lot of us don’t think of backups as a security feature, but they really are. Many stores are operating without a backup strategy and are suffering the consequences of downtime as a result.
Automatic backups are the best way to increase your store’s data security. They give you a safe, untouched history of your store so you’re free to update your products, experiment with messaging or images, and work with your team without the fear of mistakes.
But in order for that to be the case, it’s important to look for two things in a backup: that it’s automatic, and that it’s consistent (at the rate most businesses work, we recommend at least daily).
Myth: Everything is backed up because it’s in the cloud.
Busted: that’s not generally the case. Most SaaS tools operate under the Shared Responsibility Model, which puts the onus on you, the account holder, to keep your account-level data safe.
The old way of backing up online shops is not built to keep up with the tools we use today; backups must be automated. An automatic backup can literally be your backup plan when disaster strikes, whether your apps or employees turn against you, or you upload the wrong CSV file and erase weeks or months of hard work. A good backup can basically be used as a magic undo button.
With a good backup, you can restore your information in minutes, and at the end of the day, time is money. Downtime costs money. The faster you can recover from crashes or mistakes, the less money your store will lose.
So the bad news is that disasters are inevitable. The good news is there are tools out there to help protect you and your business. Rewind restores data every single day. Whether that’s because of small human mistakes or major bugs, we’re here when store owners are facing data loss – and lost sales.
Looking to learn more about your online store’s security? Join BigCommerce security expert, Emma Hyde, for more tips in a free webinar.