In the digital age, cyber threats are a growing concern for e-commerce entrepreneurs. Recent data shows that Dutch organisations endured an average of 865 cyberattacks per week in the third quarter of 2024 — a 69% increase compared to earlier periods (ictmagazine.nl).
Emma, owner of an online jewellery store on Shopify, implemented two-factor authentication (2FA) to prevent unauthorised access to her systems. "After hearing stories of hacked accounts I realised an extra layer of security is crucial," she shares.
Pieter pays close attention to security updates from Shopify and the third-party apps he uses in his store. "Vulnerabilities in apps or plug-ins can bring risk, which is why he regularly checks which apps are up to date and removes unused or unsafe extensions. We make sure all our systems are up to date to minimise vulnerabilities," he explains.
Fatima, who sells sustainable fashion through her store, faced a phishing attack in which an employee almost fell for a fake email and was on the verge of releasing sensitive information. "It was a wake-up call. We immediately trained our staff to recognise phishing and put in place extra security checks for all external communication, so this can't happen again," she says.
One of the advantages of Shopify as a SaaS solution is that security updates and infrastructure management are largely handled by Shopify itself. That offers an extra layer of protection compared to open-source systems like WooCommerce or Magento, where the store owner is responsible for hosting, security patches and updates.
Even so, there are also risks within Shopify:
API integrations: third-party apps can introduce vulnerabilities.
Human error: weak passwords and phishing attacks remain a risk, regardless of the platform.
Social engineering: hackers may try to gain access to company data through employees.
With open-source platforms there are extra risks such as:
Insecure hosting: security depends on the chosen hosting provider.
Outdated plug-ins: outdated or non-updated plug-ins are a risk.
Higher configuration responsibility: the entrepreneur is responsible for firewalls, DDoS protection and SSL certificates.
Recent incidents in retail highlight the importance of proactive security measures. In 2022, several Dutch businesses were hit by ransomware attacks, leading to disruption and financial losses (kpn.com).
To reduce the risk of cyberattacks, Dutch stores can consider the following steps:
Awareness and training: make sure employees recognise phishing and know how to handle suspicious activity (kvk.nl).
Network segmentation: split the network into segments to limit the impact of a possible breach.
Backups: regularly back up essential data and test it to make sure recovery is possible after an incident.
Incident response plan: develop and rehearse a plan to respond quickly and effectively to security incidents (boladviseurs.nl).
Whether you work with a SaaS solution like Shopify or an open-source platform like WooCommerce, cybersecurity is a continual concern. While SaaS platforms like Shopify provide a solid baseline, it remains the entrepreneur's responsibility to protect their systems and data.
By taking the right measures, e-commerce entrepreneurs can arm themselves against cybercrime and safeguard the security of their store and customer data.
