In recent months, we witnessed profound changes in our habits and how we shop – many people are switching to online shopping, even in categories where it was previously neglected, such as groceries and household essentials. With the pandemic still active, many consumers are experiencing very different restrictions in different places across the world. This has presumably affected every aspect of daily life, and it most definitely affected some key shopping categories.
With ongoing changes, EyeSee’s digital experts have combined their expertise to help you make the most out of your e-commerce presence and answer crucial optimization questions:
Different age groups reported various changes – for example, throughout all study waves, the majority of the population (between 55% and 65%) in their late fifties and older didn’t recognize any changes in their online shopping behavior. In other words, significantly more people in these age categories – specifically those from 55-64 & 65 and older (55-64 & 65+) claimed no change occurred. However, among those whose behavior has changed in this age group, over half of them – 57% – claim they order products online more frequently than before, compared to 48%, which represents the total average for this claim across all waves and age groups.
What this tells us is that there are new adopters of online shopping, and with those that did try it, their behavior was affected dramatically by this new habit. In a way, those who are new to this might be realizing all the benefits it has both in a crisis like this and in ordinary life.
Overall, the majority of respondents claim that they will not change their behavior in the next month (41%) – this is the total for all 4 waves. However, among possible changes, more frequent online shopping (1/4) and ordering of non-perishable goods (1/5) take the lead. Bear in mind that these findings are on those who acknowledged existing changes and those who claimed they haven’t changed their shopping behavior so far. Below, we examine how different age groups pick a preferred online retailer.
Often what happens is that all of this ‘techie’ stuff is managed by a developer or agency working with you to build your website or provide online marketing services. Over time, you lose touch with that developer or you stop working with the agency and you don’t think about boring things like domains, servers and access again until one day, you need them, then where do you start?
Online Business Assets you Need to Secure
If you were running a brick and mortar business, you wouldn’t dream of leaving the doors unlocked or giving sets of keys to people like your suppliers, your plumber/electrician and your printers. Yet, with online businesses, I see owners giving people access to and in some cases even ownership of, their key online business assets.
Some key online business assets you need to secure include:
Website (CMS) Access
Advertising & Social Media (Google Adwords, Facebook) Accounts
Customer Relationship Management (CRM) and/or Customer Database
Here are some of the security risks I regularly see and the implications of what can happen if you give access to the wrong people.
When you purchase a domain name, you don’t really buy it, you just ‘rent’ it from a Domain Registrar and you need to renew the rental every year or two, depending on who you registered it with.
Most Domain Registrars allow you to automatically renew your domain with a credit card linked to your account. However, credit cards expire and if that happens, your Domain Registrar may try to advise you that you need to update your details, but not always. If someone else purchased the domain on your behalf, then often their details are associated with the domain so any attempts by the Registrar to advise you that your domain is expiring will go to the person listed as a contact. If you are no longer working with them, they may not forward the notices to you. The Registrar will try to renew the registration but after a few attempts will likely give up.
Your domain registration then expires and your domain eventually becomes available for someone else to purchase.
Often the first you know there’s a problem is when you try to access your website and get that dreaded error message.
The other reason you need to know how to manage your domain is because some records need to be changed within the domain. For example, if you want to change your hosting company or email hosting provider.
Securing this asset
Keep a record of who you registered your domain with and their contact details.
Make sure that the domain is actually registered to you and not to the person who purchased it. This is rare, but I’ve seen it happen. If you’re not listed as the Registrant then you don’t have a claim on the domain and the owner could let it expire or choose to sell it!
Check your domain records to make sure that you are listed as the Billing Contact and preferable the Admin Contact. You may choose to have the Technical Contact listed as a developer or a techie person you work with.
Set the domain to automatically renew before the expiry date and make sure the payment details on file with the Domain Registrar are kept up to date.
Add a recurring entry in your calendar to remind you of the date that your domain renews so you can manually check it
If you’re not sure where to start, use a lookup tool like mxtoolbox.com or whois.ausregistry.net.au or go back through your old emails and search for domain registration or similar.
For most business owners this is a big black hole. It’s the most technical part of running an online business and is usually outsourced to a hosting company. This may be the developer you first worked with to build your website or it might be a Hosting Provider. You usually pay a monthly or annual fee to your hosting provider and unless you’ve completely lost contact with them and your payment details are incorrect, then it’s rare for your hosting to expire. Rare, not impossible!
Without hosting your website won’t appear on the internet. You will get an error something like this:
Hosting error message | Protect Your Online Business Server Error | Protect Your Online Business
Apart from knowing who is hosting your website, it’s also good to know how to access your website files on your server. This is usually provided to you via a cPanel or FTP login. This login will enable you to access the part of the server that your website is using and allows you to manage things like your WordPress installation, databases, domain names, email accounts and backups with little or no technical knowledge without breaking anything!
What is a cPanel | Protect Your Online Business
If you want to move your website to new hosting, this can be done much easier with cPanel of FTP access because all of the information about your website can be copied and moved to another server.
NOTE: Not all hosting companies provide their customers with cPanel or FTP access which means you will need to ask them to make changes for you, including adding new email addresses, running backups and sending you your website files if you do want to move hosts.
Another thing to look into is which other websites are being hosted on the same server as yours. If your website is being hosted on cheap shared hosting, then it’s likely that there are thousands of other website sharing the server – these are your neighbours – some are good, but if you’re in the middle of a bad neighbourhood be wary. If one of your ‘neighbours’ installs a plugin or starts using up lots of resources on the server, then your website will start to slow down. Similarly if you start getting super popular and getting lots of visitors to your website, then the hosting provider might require you to upgrade to a new plan or worse – suspend your account, which means your site goes down, and then require you to upgrade to get it back up!
Other options you might want to consider are a Virtual Private Server (VPS) where parts of the server resources are allocated to each website or Dedicated Hosting where you have your own server dedicated to your website only.
Securing this asset
Keep a record of who is hosting your website and their contact details.
Keep your contact and payment details up to date with your hosting company.
Ask your hosting company if they provide cPanel and/or FTP access and if so, keep a note of your login details in a secure place.
Consider the best (not just the cheapest) hosting for your website. If your website is getting good traffic and/or is key to your business success (or failure) then consider moving from shared hosting to a VPS or Dedicated Server.
Website (cMS) Access
The ability to easily make changes to your website through a user-friendly interface without having to rely on a developer to code changes, is one of the great benefits of WordPress and other Content Management Systems (CMS).
To make changes, you do need to be able to login to the ‘backend’ of your website usually through some kind of Admin access. Most people with a CMS know how to login to their sites to make changes, even if they only use the login occasionally.
The two security risks I often encounter relating to CMS Access are:
Weak (easy to guess) passwords
Unknown or many users with Administrator access meaning they can make changes to and delete the content on your site.
You know you need to have a secure password, not only for your website login but for absolutely everything. And, your passwords should not all be the same for every site you login to! You wouldn’t believe the number of times a customer gives me their password to access one part of their business and then they tell me it’s the same for everything, even PayPal!
Just don’t do it.
Yes remembering different, complex passwords for the millions of places we login to is a pain in the butt – not only for you but also for anyone trying to work out your password to steal from you! Just use one of the many password tools. I use LastPass on every device. Other good ones are 1Password for Windows, Dashlane and RoboForm. They take a while to get used to and you do feel a bit like you are handing over control but better to hand over control to a company whose business it is to securely manage passwords than to a spammer or hacker right? If you don’t want to use a password manager, then make sure you change passwords regularly and don’t save passwords to your browser.
LastPass password manager | Protect Your Online Business1password password manager | Protect Your Online Businessdashlane password manager | Protect Your Online BusinessRoboForm password manager | Protect Your Online Business
The next problem I see a lot is where there are multiple users with high-level login access e.g. Admin. These are often past developers, freelancers or staff who you’ve given access to at some stage but who probably no longer need that level of access or any access at all. If a user as high-level access to your website, they can make changes, delete content, link out to spammy or worse sites or accidentally or intentionally add/remove code from your site.
Securing this asset
Review your passwords and make sure they are strong – 10-12 characters, combination of upper and lower case, numbers and symbols.
Consider using a password manager to manage your passwords.
Review the users with access to your website and the access levels they have and remove/revoke access to anyone who doesn’t need it. NOTE: Before you remove an Admin user from your account, be sure to assign any posts or pages created by them to another user (preferably yourself), otherwise this content may be lost.
There are two things to review here.
The first is, who is hosting your emails? Often this is the same company that is hosting your website or your domain registrar but not always. More and more, businesses are moving email hosting to Hosted Email services such as Google GSuite or Office 365. I’m not talking about the free services such as gmail and hotmail which you might use for personal reasons, I’m talking about the paid business solutions. These services are much more robust (0% downtime) than private email hosting, have super strong spam filters, usually a large amount of storage and they easily integrate with things like calendars.
If you don’t remember who is hosting your emails, you can use a tool like mxtoolbox to look up for email hosting records.
The second is, who has an email account associated with your business. This is usually past employees. If you can’t access your email hosting to remove email addresses, then you’ll need to ask your email hosting provider to remove them for you.