Ecommerce has grown at an exponential rate in 2020. Much of the consumer economy shifted online due to the global pandemic, and the impact has been significant. A variety of industry pundits have noted that COVID-19 likely accelerated ecommerce adoption by five years. This wave continued into the early days of the holiday shopping season. Shopify, an ecommerce software company, reported its merchants sold $5.1 Billion worth of goods from Black Friday to Cyber Monday. That’s a 76% increase from last year. In addition, BigCommerce, another ecommerce platform, says their users sold 74% more than in 2019.

It’s unlikely this trend will reverse going into 2021. Even if countries start to get ahead of the pandemic, the appeal and ease of online shopping are here to stay. With this in mind, retailers need to start planning how they will grow and protect this part of their business in the new year. The rise in sales means more data, and all this data is critical for running an online brand.

 

Ecommerce Data: Seconds to Lose But Hours (or Days) to Replace

It may seem farfetched, but all the information that makes up an online store can be permanently deleted or lost. In fact, our 2020 Ecommerce Data Protection survey found that one in four stores has suffered data loss. The two biggest impacts of the data loss were the time it took to restore the site to the previous state and an immediate nosedive in sales.

It makes sense when you think about it. All the data that lives in an ecommerce store is vital to your operation. This could be product images, descriptions, customer information, orders, and more. If you don’t have access to these pieces, you don’t have a business.

There are usually three ways a store suffers a data disaster: human error, cybercriminals, and integration issues with third-party apps.

Human Error: Mistakes are inevitable; it’s human nature. And now that people are working from home with likely more distractions, the odds of making a mistake have gone up. Mistakes also happen from a lack of understanding or knowledge. We have seen merchants try to make a series of bulk changes but accidentally delete entire product lines. Or in a nightmare scenario, we have seen people with nefarious intentions start erasing sections of an ecommerce website. These are typically terminated employees or contractors. Whatever the reason, it's not a matter of if but when someone will make a dramatic error. 

Cybercriminals: Only a few short years ago, large brands like Target and Marriott were the primary targets of cybercrime. It’s all changed nowadays. Hackers are compromising businesses of all sizes with ransomware, phishing, and other attacks. In fact, attacks against small and medium-sized businesses (SMBs) were on the rise well before the pandemic. This past summer, the FBI reported a 400% increase in cybercrimes. All told, it could cost around $200,000 to recover if criminals get a hold of your data.

Third-Party App Integrations: They are a double-edged sword in the world of ecommerce. Different software connections can increase efficiency, create a better customer experience, and drive sales. However, many of them have an incredible amount of access and control over your data. Go back and read the terms and conditions for some of your favorite apps. You may be surprised to find that they have the authorization to manipulate or even delete your data. We have seen both of those things happen.

While there are more than these three risks, they are by far the most common. When we talk to retailers about these occurrences, the number one question we get asked is “Why does this happen? I thought the cloud saved everything.” The answer: It has to do with the way cloud computing and SaaS is structured.

 

The Shared Responsibility Model of Cloud Computing  

There is a stark reality around storing and protecting data in most SaaS tools. In short, online tools will protect all the code required to run your store. Since they are providing “software as a service” these businesses will ensure, to the best of their ability, that when you log in, everything will work.

But platforms like Shopify, BigCommerce, or other SaaS tools like QuickBooks and Trello can’t guarantee that all the information you input will be there. Cloud computing works on something called the Shared Responsibility Model. It defines how the responsibility for protecting data is shared between the platform and its users. Here is what it looks like for ecommerce:

rewind

Ecommerce Shared Responsibility Model. Image courtesy of Rewind

A lot of it comes down to a logistical challenge. Rewind backs up over 33 Billion pieces of data, spread across 70,000 users. That may sound like a lot, however, Shopify alone powers over one million businesses and manages an unthinkable amount of data. So even if SaaS tools wanted to try and locate any deleted or lost data, it would be like trying to find a needle in a field of haystacks. Therefore, merchants need a data protection strategy that works at the store level.

 

A Data Protection Strategy In Five Steps

  1. Restrict Access: Not everyone who works in or for your business needs access to every part. It’s a concept often called “The Principle of Least Privilege”. Only give people access to the sections that align with their skills and responsibilities. In other words, a marketing manager may not need access to the back-end code of your site. You can even grant or revoke access on a temporary basis.
  2. Keep Passwords Complex: We all know we should do it, but using hard to replicate passwords often gets overlooked. Yet it’s a simple and effective deterrent. A big part of the pain is managing the eventual dozens of passwords we end up needing. To solve this, use a password manager like 1Password. Using one will make your life a lot easier.
  3. Install Two-Factor Authorization:  Also referred to as 2FA, this involves having unique code or series of numbers sent to your mobile device. It can be delivered via text message or by an app. Many software platforms have 2FA built-in or you can sometimes use a password manager for this. This is another strong deterrent as only users who have the temporary authorization number on their mobile device can log in to your store. 
  4. Audit All Third-Party Apps: It’s important to understand how all these apps are accessing your data and what they can do with it. Once a year (a good time is in January) evaluate all the third-party apps you have installed, make a list of all the pros and cons and determine whether the value they are providing is worth the risk.  The same goes for installing new ones. Research how accessible and well-reviewed the software is. Here is a guide we wrote for best practices on evaluating apps. 
  5. Have a Backup Strategy: There are a few ways to go about this. One is the manual way. This involves exporting all the data you can from a store and keeping current copies of everything. It sounds simple, but it is an incredible amount of work, especially when a store has maybe a few thousand SKUs. We have talked to some customers who have spent dozens of hours a month just trying to stay on top of this. The other options are to use a back-up software that automatically restores all the data in your store. You can have a custom one built, which is a costly endeavor, or you can buy an off-the-shelf product. Just remember to do your homework and follow our advice on evaluating a solution. Not all backup software is created equal, and you want to ensure your data is protected.

 

These steps may sound involved, but they won’t compare to what’s involved with coming back from a data disaster. With the world transitioning to ecommerce, your online store is vital for ensuring your products are moving and sales are coming in. While you “can’t sell what you don’t have” in the retail world, you certainly can’t sell without a working online store in the ecommerce arena. Take the steps needed to ensure that all the goodwill and progress you made strengthening your online presence in 2020 is not wiped out in the coming year.