Typically, ecommerce stores collect lots of data and owners tend not to clear it down. This is a dangerous practice and can put your whole business at risk.
Imagine someone gets access to your database. They have pretty much all your business intelligence and a way to leverage some extortion. Information is power, and the more you store online, the higher the risk you run. Hackers with this amount of information will usually press for extortion and blackmail.
The following is a list of data you should consider removing from your site.
- guest customer details – these customers do not expect this data to be stored on the site and the next time they visit they cannot access it anyway
- product statistics – data that shows all sorts of valuable trending information about your business.
- old sales orders for guest shoppers – once the product has shipped and you have recorded your sales in your accounts, there is no need to keep this data on the site.
- old products
- old images no longer used
- registered customer accounts that have not been accessed in x number of years/months.
- sales orders from registered customers who have not purchased in x number of years
- shipping addresses not accessed in x number of months
- telephone numbers not accessed in x number of years
- addresses not shipped to in the last x months/years
All of this can be automated by your web developer – do it once and it will repeat forever.
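One way to automate several items from the list above, as an added example that is not from the original article: a scheduled job that applies retention windows inside a single transaction. The table and column names, the `in_accounts` flag and the 90/730/365-day windows are assumptions for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# Hypothetical schema, constructed for this example; map it to your platform's tables.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, is_guest INTEGER, last_login TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, shipped_at TEXT, in_accounts INTEGER);
CREATE TABLE addresses (id INTEGER PRIMARY KEY, customer_id INTEGER, last_shipped TEXT);
"""

def purge(conn, now, guest_days=90, account_days=730, address_days=365):
    """Apply each retention rule in one transaction; return rows deleted per rule."""
    # An order is only eligible once shipped AND recorded in the accounts system.
    done = "shipped_at IS NOT NULL AND in_accounts = 1"
    rules = [
        ("guest_orders", f"DELETE FROM orders WHERE {done} AND shipped_at < ? AND "
         "customer_id IN (SELECT id FROM customers WHERE is_guest = 1)", guest_days),
        ("stale_account_orders", f"DELETE FROM orders WHERE {done} AND customer_id IN "
         "(SELECT id FROM customers WHERE is_guest = 0 AND last_login < ?)", account_days),
        ("old_addresses", "DELETE FROM addresses WHERE last_shipped < ?", address_days),
        # Customers go last, and only when no order (e.g. unshipped) still needs them.
        ("guests", "DELETE FROM customers WHERE is_guest = 1 AND id NOT IN "
         "(SELECT customer_id FROM orders)", None),
        ("stale_accounts", "DELETE FROM customers WHERE is_guest = 0 AND last_login < ? "
         "AND id NOT IN (SELECT customer_id FROM orders)", account_days),
        ("orphan_addresses", "DELETE FROM addresses WHERE customer_id NOT IN "
         "(SELECT id FROM customers)", None),
    ]
    removed = {}
    with conn:  # commit all rules together, roll back if any of them fails
        for name, sql, days in rules:
            params = () if days is None else ((now - timedelta(days=days)).isoformat(),)
            removed[name] = conn.execute(sql, params).rowcount
    return removed

def demo():
    """Constructed sample rows; the purge runs as of 2024-06-01."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?,?,?)", [
        (1, 1, None), (2, 1, None),                       # two guest shoppers
        (3, 0, "2021-01-10T00:00:00"), (4, 0, "2024-05-20T00:00:00")])
    conn.executemany("INSERT INTO orders VALUES (?,?,?,?)", [
        (10, 1, "2023-11-01T00:00:00", 1), (11, 2, None, 0),  # order 11 not shipped yet
        (12, 3, "2020-12-01T00:00:00", 1), (13, 4, "2024-05-21T00:00:00", 1)])
    conn.executemany("INSERT INTO addresses VALUES (?,?,?)", [
        (20, 1, "2023-11-01T00:00:00"), (21, 3, "2020-12-01T00:00:00"),
        (22, 4, "2024-05-21T00:00:00"), (23, 4, "2022-01-01T00:00:00")])
    return conn, purge(conn, datetime(2024, 6, 1))
```

Run `purge` from a daily scheduled task and keep the returned counts as a record of what was removed and when.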
Don't slip into the following:
- using your site to calculate your vat/tax return. This is an accounting software action, not an ecommerce site action. Too many do this because it's handy, but it requires you to store too much data to do it.
- making your ecommerce site your stock control system. Again, it's important to keep stock figures up to date, but it's not the job of the website to keep track of what is in the warehouse etc.; this is the job of a stock control system – some advanced accounts systems will do this too. If your stock control is corrupted, you end up doing a complete stock take to manually reset it.
“90% of businesses fail 6 months after a catastrophic loss of financial data”
Remember, the less information you store online about customers, the less of a threat a data hack can be. No one's code is 100% hack proof. However, if you prepare by removing excess data, then you mitigate the potential damage.
You have spent years building a business; don't let some hacker pick your pocket and then have to admit to it in public and lose credibility. Better to say in the breach report: we remove unnecessary data every x months, and therefore the hacker is only ever going to be able to steal a limited amount of data. You then have the upper hand.