10 Simple Account Security Tips Every Merchant Should Know

  • 4 minute read
Half closed computer with neon colours.

If you’re someone who locks your door and then double-checks it before leaving home, you’re already aware of the importance of security. That’s why we think you’ll appreciate the tips we’re about to share. If you’re interested in learning how to maintain good cybersecurity hygiene for your business, keep reading.

Table of contents

What is a cyberattack?

Ecommerce fraud/malicious attacks are any deliberate deceptions made to an online store with the aim of financial, data, or personal gain on the part of the cybercriminals or fraudsters. 

There are several ways an account can become compromised as a part of a cyberattack, including phishing attacks, malware infections, weak passwords, and social engineering tactics. Once an account has been compromised, it can be difficult to regain control and prevent further damage, which is why it’s important to take steps to prevent account compromise in the first place.

A padlock and credit cards rest on top of a laptop keyboard. A symbol of security even in the online world of passwords. Keeping personal information safe and secure is the name of the game. Shopify Photos

6 common types of cyberattacks

  1. Account-takeovers (ATOs/compromised accounts): A compromised account is an account that has been accessed or taken over by an unauthorized user, typically through a security breach or other form of cyberattack. When an account is compromised, the attacker may be able to access sensitive information, such as personal data, financial information, or login credentials, and use it for malicious purposes, such as identity theft or fraud.
  2. Distributed denial-of-service attacks (DDoS): These involve overwhelming a website’s servers with traffic in an attempt to take the site offline or disrupt its operations.
  3. Cross-site scripting XSS attacks: These involve injecting malicious code such as JavaScript into a website’s pages to steal customer information or redirect users to a malicious site.
  4. Mage cart attacks: These involve injecting malicious code such as JavaScript into a website’s checkout page to steal customer payment card details.
  5. Phishing, vishing, and smishing: These involve sending fraudulent emails, text messages, and, in some cases, phone calls that appear to be from a legitimate source, such as a bank or ecommerce store, in an attempt to trick users into revealing sensitive information or clicking on a malicious link.
  6. SQL injection attacks: These involve exploiting vulnerabilities in a website’s database (in this case, the merchant admin) to gain unauthorized access to sensitive information, such as customer payment card details.

What is cybersecurity?

Cybersecurity is the practice of protecting computer systems, business accounts, networks, and sensitive information from unauthorized access, theft, damage, or other malicious attacks. It Involves implementing a range of security measures to prevent cyberthreats and minimize the risk of data breaches and other security incidents. Cybersecurity is essential for businesses, governments, and individuals alike, as cyberattacks can result in significant financial losses, data compromise, reputational brand damage to buyers, and other negative consequences.

Ecommerce fraud/malicious attacks are any deliberate deceptions made during an online transaction with the aim of financial or personal gain for the cybercriminals or fraudsters, even if it adversely affects the merchant.

If you have, or help run, an ecommerce store, the unfortunate reality is that fraudsters and cybercriminals may target you and your business. This not only affects your profits and consumes your time, but can also negatively impact your brand’s reputation and potential customer experience.

Through being educated on current/common cyberthreats and taking active steps to operate your business securely, you can implement security hygiene practices that best protect your business. Take a look through this guide where we cover the different types of malicious cyberattacks merchants can face, and tips for how to combat them. 

Close-up of a laptop screen on a two-factor authentication screen. This individual has their code and is done typing it in. Shopify Photos

10 low-lift ecommerce cybersecurity practices that work

There are several good cybersecurity measures that businesses can implement to protect their systems, finances, and data from cyberthreats. Here are some of the most effective measures:

  1. Enable multifactor authentication wherever possible to add an extra layer of security. You may see multifactor authentication referred to as: MFA, 2FA, and/or 2SA. Hint: check out Shopify’s Help Centre page on Multi-Factor Authentication.
  2. Encourage employees to use complex passwords.
  3. Avoid sharing login credentials across employees. Tip: Do not communicate these via email, or social messaging services.
  4. Use a secure password manager such as 1Password.
  5. Limit access to sensitive data to only those employees who need it. Hint: check out Shopify’s Help Centre page on Setting Staff Permissions.
  6. Use real human names when setting your account owner (AO) in the event verification is required.
  7. Regularly update software with the latest security patches and updates to address known vulnerabilities.
  8. Encrypt sensitive data both in transit and at rest to prevent unauthorized access.
  9. Backup data to a secure location to ensure it can be restored in the event of a security breach.
  10. Use firewalls and antivirus software to protect your network and devices from malware and other cyberthreats.

To make sure his accounts are all kept secure, this individual creates a to-do list on a notepad. Things he has to get done: change password and enable two-factor authentication. Shopify Photos 

Key Actionable Takeaways:

🔥 Tip: Train employees on cybersecurity best practices

Educate your employees on how to identify and avoid phishing, vishing, and smishing scams, how to create strong passwords, and how to securely handle sensitive data. Regular training and reminders can help keep your team vigilant and aware of potential threats.

🔥 Tip: Build a robust Incident Response Plan for your business

In the event of a security breach, having a plan in place can help you respond quickly and effectively. This should include steps for containing the breach, notifying affected parties, and restoring systems and data. Regular testing and updating of the plan can ensure it remains effective and relevant over time.

By implementing these cybersecurity measures, businesses can help protect their systems and data from cyberthreats and minimize the risk of data breaches and other security incidents.

Please ensure you are always practising within the Shopify ToS.

Topics:
Backoffice