Sergey Nivens - Fotolia
How retailers can manage data loss threats during remote work
Mike Potter breaks down three of the largest data loss causes for e-commerce companies -- human error, cybercrime and third-party integrations -- and how to prevent them.
It's been a banner year for e-commerce, and sales have blown past last year's records. Two e-commerce platforms, Shopify and BigCommerce, reported in December over a 70% increase in sales from merchants that use their software tied to the recent holiday shopping surge. We expect the momentum to continue into 2021, since the rise of remote shopping, caused by the global pandemic, isn't likely to stop anytime soon.
Neither is the shift to remote work. Retailers will continue to manage their staff and the risks created by having a virtual team from afar. Some of these risks will be similar to the ones faced in traditional retail; others will be new. A critical one will be protecting all the data that is collected by, and flows through, your e-commerce store.
Lost data equals lost sales
There is an old saying in retail, "Stocked shelves lead to stronger sales." In other words, a lack of inventory negatively impacts revenue. The same can be said when shoppers browse your virtual shelves. They won't buy what they can't see. And this is why protecting data is critical. According to our 2020 e-commerce data protection survey, one in four online stores have lost vital data -- product images, product descriptions and more. The fallout of this loss is typically an immediate nosedive in sales.
The key causes of data loss in e-commerce are, in no particular order: human error, cybercrime and third-party software integrations.
Human error
It's never a matter of if, but when someone makes a mistake. In today's remote-first work environment, there are numerous ways people can err. The distractions of home life, and the rush of many retailers to get online, created a perfect storm for potential errors. In our experience, mistakes are most often caused by a lack of experience with software, negligence or just a basic misunderstanding of how online software tools work.
The best strategy to address this risk is called the "principle of least privilege." Essentially, you limit access to business-critical tools based on people's skills and scope of responsibilities. Only the people who need access to something, get access -- whether they are full-time employees or short-term contractors. If your software tools allow for this, always provide the fewest permissions needed to complete a task.
Cybercrime
We still see the misconception that only large, multinational companies are the victims of cyber attacks, but that's simply not the case. Businesses of all shapes and sizes are now being targeted by cybercriminals. Ransomware, phishing and other types of criminal behavior have been plaguing small to medium-sized businesses for years now, and the FBI reported a massive spike during the pandemic. Recovering from these incursions can be significant, as a Hiscox report showed the cost to be nearly $200,000 in some cases.
One of the most straightforward ways to guard against these attacks is using complex passwords, integrated with a password manager. However, if you really want to step up your security game, start using two-factor authentication for your e-commerce site and any other tools that allow for it. Also called 2FA, this is a login process that involves having a unique code or number sent to a mobile device. These authorization codes are only valid for a short period of time, and you can't log in without one. It's one extra layer of defense to deter would-be criminals.
Third-party integration dangers
While an e-commerce store often relies on many software tools to help make day-to-day operations a little easier, it's likely that the number of apps being used has gone up with the increase in remote work. However, separate software tools don't always play nice together, and the level of access and control they have over your data might surprise you. Some even have the ability to delete your data without warning.
At least once a year, e-commerce merchants should audit all the applications connected to their online store. Terms and conditions can change so it's best you understand any changes in the last 365 days. List all the pros and cons of each integration and decide if any tradeoffs are worth it.
SaaS doesn't save everything
Software-as-a-service (SaaS) tools will always ensure the nuts and bolts of the platform work. However, protecting all the data stored inside a SaaS or cloud solution like BigCommerce or Shopify rests on the shoulders of users. If you don't fully back up all the content and information in your store, there's absolutely no guarantee it will be there the next time you log in.
This model isn't limited to just e-commerce platforms. Accounting software like QuickBooks, productivity tools like Trello and even code repositories like GitHub all follow the same model. Your data is essentially lumped in with billions upon billions of other data sets. So even if a SaaS company wanted to find and restore your data, it may not be able to. In order to have a fully realized data protection approach for 2021, we recommend one last thing: Put a backup strategy in place, whether that means using cloud storage, backup-as-a-service software or something else.
It's never too late to start protecting data
The transformational shift to remote work caught many brands off guard. For many, the first part of 2021 will be spent catching up on things overlooked in the rush to move retail operations online. The risks to your store are likely one of these things. The good news is that many processes for protecting vital business data are simple to implement. The key is to get started. So, ensure sales will keep coming in throughout 2021 by putting your data protection strategy in place.
About the author
Mike Potter is the co-founder and CEO of Rewind, a cloud data backup provider. Rewind is trusted by over 30,000 businesses to protect their data on platforms such as BigCommerce, Shopify and QuickBooks. A veteran entrepreneur, Mike has over 25 years of experience building solutions for the software, cloud and data analytics space, including tenures at Adobe and Mozilla. He earned his MBA from the University of Ottawa and his B.Eng in Mechanical Engineering from McMaster University. Mike currently resides in Ottawa, Canada.