Ecommerce is thriving. There are 1.3 million ecommerce companies in North America, with nearly $600 billion worth of goods sold last year in the U.S. alone. That’s an increase of 15% over 2018. Ecommerce sales accounted for more than half of all growth in retail sales in 2019, the highest proportion since 2008.
This impressive growth might obscure the fact that it takes a tremendous amount of time and effort to get an online retail business going. That means many hours spent finding start-up money, choosing a platform, figuring out shipping, branding and marketing, photographing SKUs, and crafting product descriptions. It’s all for the adrenaline rush of that first sale, and with some luck, consistent revenue will start to come in.
In such a competitive space, any minute when a merchant can’t process a sale means lost revenue. Worse still, they may lose the customers who visited during that time—forever. Customers have unlimited options, and if a site doesn’t offer an effortless experience, they move on to the next one. Being down for even a few hours can do a lot of damage.
Now, imagine if that happens during a critical sales period—say Black Friday / Cyber Monday or the holiday season. Goods sold during this period can represent 20% to 30% of a business’ total annual sales. That’s nearly a third of annual sales in one month.
That’s what happened to Gymshark, a successful online fitness brand out of the UK. A third-party app on their store ended up crashing their site during Black Friday peak sales hours in 2015. By the time they resolved the issue eight hours later, they had lost $140,000 in sales.
You’ve probably heard of incidents where high-volume traffic crashed a website. But high volume is just one of the threats that can shut down an ecommerce store for days. There are others that can break the website temporarily, or even delete it for good:
1. Cyber attacks. It used to be that only the big guys were the victims of cyber attacks. Facebook, Target, Yahoo, AT&T, eBay, Home Depot, Google, Marriott—all of these companies have been famously targeted in recent years, compromising sensitive customer data such as logins, passwords, credit card numbers, passport information, and more.
But cybercriminals are now adopting a size-doesn’t-matter strategy, attacking much smaller businesses. In 2019, 30% of small businesses surveyed experienced an official security breach. Of those, 70% were forced offline for a time, 37% lost money, 25% filed for bankruptcy, and 10% were forced to close down completely. Ransomware incidents in the U.S. more than doubled in 2019. Brute-force, automation, and password-spraying attacks are also on the rise.
2. Third-party integrations. Most ecommerce merchants use up to 10 third-party integrations to help with billing, ordering, store optimization, emails, chat, and so on. All of these apps require some kind of access to the store. Some want just to “view” or “see” the data, and that’s okay.
Others want to “manage” or “modify” data, and those are the ones that could cause trouble. The deeper the integration is within the store, the higher the risk of a third-party app making a devastating change to your site.
3. Accidental or deliberate human intervention. Freelancers, distracted workers, or even optimistic employees who think they can write code can all make mistakes with potentially disastrous consequences. If someone isn’t paying close attention to simple tasks like cleaning up product pages or blogs, they can easily delete critical information—permanently. Even bringing on “qualified” contractors can go very wrong.
Sites are also vulnerable to mischief from disgruntled employees. We know of one case in which a developer purposely deleted over 3,000 product listings from a site.
It’s a chilling thought that, in a single instant, a merchant could lose everything they’ve labored over for months or years. It could be weeks before they get back to where they started, or never.
We hear that a lot. The reality is, some of it is saved in the cloud, but not the kind of specific data you need to restore your online shop. When any of the above threats materialize and site data is lost, even the most reliable ecommerce platforms won’t be able to get it back. That’s just not how it works.
Reputable ecommerce platforms ensure their own software and infrastructure will always be up and running, but this doesn’t extend to individual stores. It would be nearly impossible for these platforms to restore all of the data, in all of the shops that they host.
Here’s what DOESN’T typically get backed up:
Here are some steps you can take to help prevent and mitigate the effects of data loss.
These are some best practices you can follow to make it tougher for cyber criminals to get into your site in the first place.
1. Create unique passwords for all staff and everyone who touches your online store. Resist the temptation to choose passwords you can easily remember. Follow best practices to create passwords that are difficult to hack, and use password manager apps like 1Password or LastPass to keep track of them. NEVER save passwords in a web browser such as Chrome or Firefox, because they don’t require passwords to view stored credentials.
2. Install two-step authentication that requires a password to begin and then sends a code to your mobile device to verify your identity; you’ll have to enter that code to proceed into your store. That way, even if your password is stolen, thieves will also need your phone (or at least that verification code) to hack in. In a world where passwords are stolen all the time, two-step verification makes it doubly difficult to do harm.
3. Perform a site audit of your apps. Regularly assess the kind of access they have and the risk they pose. Check out what other merchants’ experiences with them have been and what kinds of reviews and ratings they’ve received. Were they built by reputable firms that you can actually contact, or by digital ghosts? Is the benefit of the app worth the risk? (Ironically, the integration that crashed Gymshark’s site wasn’t doing much of anything for them, and didn’t need to be there.) Here’s a tip from the pros: before a big sales event, do a code and/or install freeze so that there’s no chance of any updates jeopardizing your store on the big day.
In the event that the worst-case scenario does happen and you lose all of your data, it’s imperative to have a good backup strategy. You need a solution that will get your site up and running again quickly to minimize lost revenue. Depending on your company’s resources, you’ll also want to consider how much of your own or your team’s time you can afford to spend restoring your data.
There are three different kinds of backup strategies you can choose from:
1. CSV file restoration. You can save CSV (comma-separated value) files and use them to restore your data. These are raw data files such as Excel spreadsheets or plain-text files. You manually export a CSV file for every section of your store, and then if your data is lost, you manually re-import it. Usually, your platform will be able to give you instructions on how to do this.
The advantage of using CSV files is that it is free. The disadvantages are that it is very time consuming and potentially difficult—even with instructions. It’s also important to be aware that some of the site data that ecommerce platforms don’t back up may not be exportable to the CSV format. So, that data may be permanently lost.
2. Build a custom backup solution using the platform’s API. You can create a program that automatically makes a regular backup of all the important areas of your site. The main advantage is that once you have created it, it’s a lot less hassle than using CSV files. The disadvantage is that either your own team needs to be tech-savvy enough to build it, or you have to outsource the job—if you can find someone qualified. Keep in mind they’ll have to update it whenever the platform updates to make sure it doesn’t stop working.
3. Use an off-the-shelf product. There are third-party solutions that already exist offering hassle-free backups and site restoration in the event of data loss. The advantages are that they’re cheaper than a custom solution, they don’t involve the time and tedium of importing multiple CSV files, and they don’t require an IT team. The disadvantage is that you must do your due diligence and check user reviews and ratings to make sure you’re getting a product that does the job for a reasonable cost.
Many ecommerce merchants have never given data security a second thought, but anyone who’s ever lost their store will tell you what a nightmare it is. The fact is, there are so many threats out there, it’s no longer just a remote possibility. The time it takes to proactively harden security and access, perform a risk audit, and put a backup strategy in place is well worth it, when weighed against the potential losses in revenue, unhappy customers, and the time you’ll spend rebuilding a site that took months to perfect. Take ownership of your data and protect your sweat equity. Then, go and enjoy the rewards of your labor.