4 Security Tips for Your Online Store

The security of your online store is important but often forgotten. Practical steps to make your online store safer today. One of our clients was hacked last week: Facebook page taken over (the business lost access), advertising budget misused for a spam website, and €3000 withdrawn from a PayPal account.

This can be prevented and avoids a lot of distress. I was hacked in 2014 and narrowly managed to regain access to my account. Since then, I know how frightening it is when you no longer have access to your own accounts. If you have an online store, this could mean the end of your business. In this article, I will explain how to minimize the chances of being hacked.

The weakest link is often your personal email address. That is often the problem. You may have a strong password, but if an intern gets hacked and they have access to the 'passwords' document in Google Drive, then a hacker has access to that too.

1. Secure Your Own Email Address
2. Secure Essential Business Apps
3. Increase the Security of Your Colleagues
4. Set Up a Password Manager
   ‍

Online break-ins work just like physical break-ins.

If you use the same password, hackers can easily access your account. Here’s how it works: large companies, like LinkedIn in 2012, get hacked, and usernames and passwords are sold online.

Now you might think: what do they gain from my LinkedIn? The trick is that hackers can see who uses the same password for different websites. Then you become a target.

Do you want to know if your data is for sale online? Go to https://haveibeenpwned.com/
‍

Using the same password across different websites makes you a target.

Hackers buy multiple databases and check which accounts have the same password in those two databases. If your password for LinkedIn, Pinterest, and Last.fm is all ‘ILOVEMYBABY1994,’ then it’s very likely that your Gmail has the same password.
‍

Email is the Key to All Your Accounts

If your email (Gmail) gets hacked, a hacker has access to all your accounts. The hacker can set a new password via ‘forgot password.’

This happened to me in 2016: through my personal Gmail, the hacker gained access to my business email. They also hacked my LinkedIn through the "forgot password" feature. All my contacts received a spam message via DM. You really don’t want that.

If you have an online business, like a web store, your email also gives access to customer data and payment information.
‍

How Does 2FA Work?

Two-factor authentication (2FA) uses a third component (in addition to your email and password). This code changes every time. Even if someone has your email and password, they cannot log in without this extra code.

• Google Authenticator app (explanation).
• If you lose your phone or it breaks, you will no longer have access. Therefore, the backup codes you receive when setting up Google Authenticator MUST be kept safe. Make sure to store these codes securely, either by printing them or saving them digitally in a secure location. Do not store them on your phone but somewhere else.

Improve the Security of Email Addresses in Your Organization:

• Set up two-step verification for all email accounts. Google manual, Microsoft manual, iCloud manual
• Every employee has their own login, no shared passwords, and no general info@ email address for everyone.
• Access to email is possible via a shared inbox or by granting permission to colleagues. Managing a support inbox with multiple colleagues is possible with 2FA.
  ‍
  

Set Up 2FA for Shopify

Set up 2FA for your backend. “But then my intern can’t log in with my account.” That’s exactly what you want; if an intern can log in, a hacker can too.

• Shopify 2FA guide, Magento guide, Woocommerce via WordPress 2FA app, and thus a custom installation.
  ‍
  

Set Up 2FA for Email Marketing Tools

Set up 2FA for your email marketing account.

• Klaviyo 2FA, Mailchimp 2FA, ActiveCampaign 2FA
  ‍
  

Set Up 2FA for All Payment Gateways

• Paypal 2FA
• Buckaroo 2FA
• Adyen 2FA
• Stripe 2FA
  ‍
  

Set Up 2FA for Facebook Business Manager

• Facebook Business Manager 2FA (via personal Facebook account), Google Ads manager (via personal Gmail)
  ‍
  

Each User Has Their Own Account

A major problem is sharing passwords among each other. A former intern still has access. If this intern's personal Gmail gets hacked...