Cyber Risk Advisors
Subscribe
All Posts

A Safe and Sound Shopify Shop

So you've opened a Shopify store. That's great news! Chances are, you're making something really special and we're excited to help make you and your customers experience secure.

A Safe and Sound Shopify Shop
Photo by Roberto Cortese / Unsplash

There are two very important actions you should take if you haven't done so already - feel free to go do these now, we'll wait.

Enable Multi-Factor Authentication

MFA is easily the most important thing you can do today to secure your accounts. Shopify makes it incredibly easy.

Use Secure Passwords

Secure means a few things, first of all, it's a password you don't use for everything, second, it's a password that is difficult to guess. Using a password manager makes this so much easier. We have a few recommendations - check them out!

What You Don't Have to Worry About

PCI. It's an acronym well known by any security practitioner worth their salt. PCI stands for Payment Card Industry. The PCI mandates that if you process credit cards, you are held to a strict cyber security bar. Using Shopify removes your requirement to understand what PCI means for you. They handle it. It's that simple and transparent to you, the shop owner.

TLS. Another acronym that security practitioners should know. Transport Layer Security is that little lock icon in the URL bar of your web browser. Shopify handles this for you as well, removing your need to go out and obtain one. This lock indicates that when your customers are shopping on your site, the communication from their web browser and your shop can't be intercepted and eavesdropped on.

Back To You

At this point, we hope you've enabled MFA and are using a strong password for your Shopify store. But there are other things you can do to make sure your shop and customers stay safe.

Third-Party Apps

Shopify's third-party app ecosystem is a huge value add. It enables entrepreneurs (like you) to create apps and sell them in the Shopify Marketplace, it also gives you (the shop owner) increased flexibility over your shop.

There is a caveat though. Third-Party Apps are just that, third party. While Shopify does strive to ensure that these apps don't introduce vulnerabilities to your store, they can't possibly provide the coverage necessary for a vast ecosystem of Shopify apps.

We don't expect you to perform security audits of Third-Party Apps, but there are a few things you can do to minimize the risk.

  1. Look for apps that have a strong following.
  2. Remove apps you no longer use.

Enable Fraud Protection

Shopify allows shop owners to enable fraud protection, this enables Shopify to block suspected fraudulent transactions and removes the overhead fraud may pose on your store.

For instructions, check this out.

Store Employee Access

We love Shopify. The ability to add shop employees makes managing a busy store substantially easier. The problems come in when employees no longer need access, but their access has not been revoked.

Periodically review who has access to your store and remove unnecessary access. Oh, and if you have a couple of shared platforms for your business, consider an offboarding policy.

Backups, Backups, Backups

We can't stress this enough, you need to be backing up your store. There are a number of apps out there that do this for you. Backups can make or break your business.

In fact, it's not unheard of for businesses to simply shut down after a cyber security incident where no backups were available.

Phishing

Scammers target opportunity. You, as a shop owner represent just that. Keep a vigilant eye on your inbox. It's fine to be a skeptic here, if it's too good to be true, it probably is!

Some common topics for small business owners are wholesale pricing, registration fees, and customer acquisition.

Other attributes of phishing emails are:

  • Sense of urgency
  • Emotional response
  • Unrecognized name

They don't always have misspelled words, and high-quality scammers will not always lead with the trick. You may find yourself building a virtual relationship with a scammer before they make their move.

Sometimes, you just need a second opinion. Share the communications with a few friends and family and get their opinion, if they think it's a scam as well, then it probably is.

Summary

Following all of these steps substantially reduces your risk as a shop owner. Now quit worrying about cyber security and go make something special!

Get in touch today!


Contact: [email protected]

Adversis: https://adversis.io

Adversis ACS: https://acs.adversis.io

Read next