The companies with the healthiest balance sheets in 2020 will be the ones who sell their products or services online. Thankfully, launching an eCommerce site is a relatively simple affair if you haven’t started already.
Do-it-yourself eStores like Shopify, Squarespace, and Wix have been around for years, while digital marketing agencies have exploded in popularity for retailers in Rochester who don’t have enough time for web design.
In an interview with the Democrat and Chronicle, Keith Myers (the owner of Flour City Bread Co.) said he always wanted to have an eStore but the coronavirus pandemic turned it into a need.
Keith and other local businesses are beginning to realize that eCommerce is much more than a COVID-19 coping mechanism. As with remote working, people have been forced to try something new, and they’re planning on making it a habit after the pandemic subsides.
“Once things go back to normal, I will probably order online again. It was really easy,” Maria Alvarado said in an interview with CNN.
Hopefully, you read our blogs often enough that one of your first thoughts is, “How can I ensure that this aspect of my IT is safe from hackers?”
Cybersecurity considerations for Wix, Squarespace, and Shopify
As much as we advocate for a website that is more flexible than these platforms allow, they do a very good job at cybersecurity. Like any hosted service, they take care of all the updates for you, which eliminates the majority of potential vulnerabilities.
The SuperNova Email Collector plugin is a real-world example of how hackers target eStores on DIY website platforms. The plugin made it easier to collect email addresses from website visitors, but the people who created it abandoned the plugin and black-hat hackers swooped in to buy up the domain name.
As the new owners of SuperNova Email Collector, they replaced the plugin’s programming code with their own. The result was that anyone who was using the plugin on their site was unknowingly redirecting visitors to a malicious site.
The DIY website platform quickly removed SuperNova from its plugin store and notified its clients who were already using it to remove it as soon as possible (since removing it from their sites without permission could have caused even bigger problems).
The moral of the story is that you should pay extremely close attention to security notifications from Wix, Squarespace, and Shopify. There are times when you’ll need to take action.
If you want to be proactive about website security on one of these platforms, these are our recommendations:
- Use a password manager to ensure your logins are unhackable (if you don’t, anyone could bypass all your other security measures).
- Manually check that all of your site’s apps or plugins are up to date and still supported.
- Confirm that SSL is enabled for your eStore (here’s how on Squarespace and Wix).
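
The plugin takeover described above worked because a script host that was once trustworthy changed hands. As an added example (not from the original post or from any platform's own tooling), this Python script lists the third-party script and iframe hosts in a saved copy of a storefront page and flags any that are not on a list you have approved or that load without HTTPS. The host names, sample HTML, approved list and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LOADING_TAGS = {"script", "iframe"}  # tags whose src runs or embeds remote content

# Constructed sample: a saved copy of a storefront page (all hosts are made up).
SAMPLE_HTML = """
<html><head>
<script src="/assets/store.js"></script>
<script src="https://cdn.approved-payments.example/checkout.js"></script>
<script src="//widgets.abandoned-plugin.example/collector.js"></script>
<script src="http://stats.approved-analytics.example/t.js"></script>
</head><body>
<iframe src="https://video.unknown-host.example/embed/1"></iframe>
</body></html>
"""
# Assumption: hosts you have reviewed and still trust.
APPROVED = {"cdn.approved-payments.example", "stats.approved-analytics.example"}

class SrcCollector(HTMLParser):
    """Record the src of every script and iframe tag in document order."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag in LOADING_TAGS else None
        if src:
            self.sources.append((tag, src.strip()))

def audit_page(html, site_host, approved_hosts):
    """Return (host, tag, reason) for each third-party load that needs review."""
    collector = SrcCollector()
    collector.feed(html)
    approved = {h.lower() for h in approved_hosts} | {site_host.lower()}
    findings = []
    for tag, src in collector.sources:
        parsed = urlparse(src)
        host = parsed.hostname  # None for relative, first-party URLs
        if host is None:
            continue
        if host not in approved:
            findings.append((host, tag, "host not on approved list"))
        if parsed.scheme == "http":
            findings.append((host, tag, "loaded over plain HTTP"))
    return findings

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "shop.example", APPROVED):
        print(finding)
```

Run it against a fresh copy of your page after every plugin change; a host that appears without you having approved it is the signal to investigate.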
Although protecting customer data should be a top priority, these platforms do come with serious design and development restrictions. As your online sales grow, it may eventually make more sense to build a new site from the ground up.
Cybersecurity considerations for eStores built from scratch
Open-source website platforms like WordPress require a lot of maintenance. It’s not just the apps and plugins that you connect to your site that need updates; the platform itself needs to be periodically updated.
If you aren’t paying an IT expert to spend 10–12 hours per month to secure your site, you’ll increase the likelihood of:
- Distributed denial of service (DDoS) attacks – Basically, hacker groups (such as the Iranian Revolutionary Guard Corps) command thousands of “zombie” computers to connect to your site every second until your web server crashes.
- Man-in-the-middle (MITM) attacks – A hacker intercepts information passed between a site visitor and your web server (in eCommerce this is usually employed to steal credit card numbers).
- SQL injection attacks – Hackers can submit a database command through a form on a webpage, and instead of simply storing the information as a form submission, the site executes the command. The most common trick is exporting a site’s customer information to the hacker who submitted the command.
- Cross-site scripting (XSS) attacks – If you or another eStore administrator visits a malicious webpage (e.g., via a link included in a phishing email), the hacker who created that webpage can steal a small file known as a “cookie” and use it to log in to your website without your username and password.
As frightening as these threats are, there’s never been a better time to jump into the eCommerce sector. Consumers are ready to buy as long as they can do it from the safety of their own homes.
Build it (safely) and they will come.