Learn from Fast Growing 7-8 Figure Online Retailers and eCommerce Experts

EPISODE 264 48 mins

Comprehensive Guide to Securing Shopify, Shopify Plus and BigCommerce Stores

About the guests

Mike Potter

Kunle Campbell

Mike Potter is the Co-Founder and CEO of Rewind, an Ottawa-based software company providing backup solutions to SaaS users. He is a serial entrepreneur with over 20 years of experience in software development, product management, and marketing.

On today’s episode, Kunle is joined by Mike Potter, Co-Founder and CEO of Rewind, an Ottawa-based software company founded in 2015 that provides easy and convenient backup solutions for businesses using SaaS platforms. Rewind is a Shopify Plus certified app and helps secure over 20,000 businesses across 3 platforms.


2020 has already been a year where eCommerce has grown rapidly in our post-COVID world. Black Friday and Cyber Monday are just around the corner, and it’s anyone’s guess as to how big they will be this year. At a time like this, eCommerce and DTC businesses are undoubtedly focused on being ready for what looks like a bumper sale. But what if the functionality or security of your store is compromised at the eleventh hour? A malfunctioning store could have huge ramifications, this year more than ever.


In today’s episode, Kunle and Mike bust some myths and lay out some security best practices that every online store owner should follow. You will get answers to questions such as: Why don’t SaaS services provide account-level backups? How should you vet app companies and developers? You will also get a store security checklist which you can implement for the upcoming sales and beyond. Whatever the size of your online business, you don’t want to miss this one!


Here is a summary of some of the most important points made:

  • SaaS platforms don’t back up account-level data
  • If you can remember your password, it’s not strong enough!
  • Grant access to your store on a need-only basis
  • Be diligent about the apps you install and the permissions they require
  • You can restore your store to any point in the last 365 days using Rewind
  • Human error in website management is inevitable
  • Building your own app vs licensing established ones is rarely viable

Covered Topics:

In today’s interview, Kunle and Mike discuss:

  • Difference between CSV exports and Rewind backups
  • REWIND’s functionality
  • Store security checklist
  • App auditing guidelines
  • Best practices for Black Friday


  • 02:10 – Is your store truly secure?
  • 08:00 – A bit about Mike and REWIND
    • Currently backing up Shopify, BigCommerce, Quickbooks
    • Protecting over 10,000 businesses on Shopify
    • Early experience in eCommerce led to building REWIND
  • 11:40 – Why don’t SaaS platforms have automatic backups?
    • Shopify backs up the data of its system as a whole
    • Its backup is not account-level
  • 13:32 – What scenarios can REWIND protect you against?
    • Human error
    • Integration bugs
    • Malicious intent
  • 16:50 – The modern day online store security checklist
    • Grant access on a need-only basis
    • Use a password manager
    • Use 2-factor authentication to log in
    • Do due diligence on the permissions required by installed apps (pro tip: try calling their contact number)
    • Check reviews of apps you install
  • 23:30 – App security audit
    • Building your own app is not a good option
    • Ask questions to the app developers
    • “The lowest price doesn’t always equal the best quality”
    • Stick to apps with good reputations
  • 28:40 – Security advice for Black Friday & Cyber Monday
    • Limit last-minute changes to your store
    • Avoid installing new apps
    • Have a staging environment for testing
  • 33:10 – How do apps become Shopify Plus certified?
    • Quality of customer support
    • How well does an app scale
    • Security protocols
  • 35:05 – Rewind’s team and resources
    • Team of 40 (growing to 60 soon)
    • 8 pods of servers globally
  • 37:45 – How far back can one Rewind their store to? 365 days!
  • 39:00 – Actual stories of security lapses
  • 44:00 – Final recommendations:
    • Password manager
    • 2FA
    • Vet your apps closely
    • Limit access
    • Backup your data!


  • A CSV export is not a backup of your store
  • Verifying permissions and reputation of your apps is critical
  • Having a staging environment lets you test your changes effectively

Tweetable Quotes:

“If you can remember your Shopify store password, it is not a secure password.”

About the host:

Kunle Campbell

An ecommerce advisor to ambitious, agile online retailers and funded ecommerce startups seeking exponential sales growth through scalable customer acquisition, retention, conversion optimisation, product/market fit optimisation and customer referrals.
