There are many good things to be said about buying a business instead of starting a new one. You don’t need to come up with a name, or a logo. You don’t need to get a domain name or vet possible locations. And, best of all, you get to skip the worst of the paperwork.
But that doesn’t mean the process is a total breeze, because there’s still a sizeable assortment of checks you need to carry out, and factors you need to consider.
After all, you can easily inherit a whole host of problems if you buy a business without doing your due diligence, and end up spending more time trying to clear them up than you would have spent on building a business from scratch.
Now, no factor is more of a threat to a solid ecommerce business than cyber security; it’s key to retaining user trust and avoiding falling foul of laws and regulations.
So if you’re planning to buy an ecommerce business, take steps to avoid cyber security issues by making sure the following concerns are addressed:
Even if you know how important it is to use strong passwords when creating accounts (particularly those you’ll be using for business purposes), you might find yourself tempted to be a little more lax about it when taking ownership of an existing online business.
It’s vitally important that you don’t. In fact, you need to be even more careful than when starting from nothing.
When making a deal, confirm that you will receive the full details for all of the logins related to the site: the hosting provider, the domain registrar (more on that later), associated social media accounts (if those are part of the deal), admin accounts, and any others that grant any kind of access to the operations of the business or its brand.
Once you have them, you’ll need to change almost everything. Usernames can probably stay (though Google them first to confirm that they have no unpleasant associations), but email addresses will need to be replaced with accounts you own, and passwords will need to be changed.
If you miss even one login, it can compromise all of the others, and leave you forever wondering if the previous owner might be skulking around without your knowledge.
Having a valid SSL certificate tells consumers and search engines alike that a website is a legitimate front for a real business. You can tell when you’re on a website with an SSL certificate because you’ll see a padlock sign on the left of your browser’s address bar.
When you look at an online store you’re thinking about purchasing, you should first confirm that it is secured by SSL, then use this tool to get more details about the certificate. If it doesn’t check out, you should be seriously concerned, and ask the current owner for an explanation.
Also, since SSL certificates expire after a time and must be renewed, you’ll need to ask them about their current procedure. Do they automatically renew? If so, they’ll have to transfer that account to you. If not, you’ll need to do set something up yourself.
Domain names are extremely important. Everyone knows www.google.com, but no one knows or cares about the IP address it resolves to (18.104.22.168 isn’t very memorable).
Unfortunately, though, they’re not generally available for purchase; rather, they must be registered for periods of time. By using a Whois tool to check up on a site, you can find out some company information, but also (most importantly) when its domain registration expires.
This is crucial information because of how dangerous it is to let domain registration lapse. The moment your registration expires, someone else can swoop in and get it; they can then direct it wherever they want and/or offer to sell the registration back to you for an exorbitant fee.
Even if you discover that the domain registration won’t expire for a decade, you should configure the auto-renewal straight away upon completing your purchase, just to be safe.
How old is the website you’re looking at? Do you know if it was custom-built or created through a site builder like WordPress or Wix? This is something you need to ask the current owner about, because some platforms are more reliable than others when it comes to matters of security.
If the framework upon which the site was developed is renowned for its security vulnerabilities, for instance, you should be extremely cautious and do your research to see if they could plausibly affect your business (just think about how much damage ransomware can do).
You also need to find out how site updates are carried out. Would you need to do queue them up manually, or would the website host handle that for you? Whom would you need to contact in the event of a problem?
One way to minimise your worries here is to buy a business through a trusted business marketplace like Shopify Exchange; that way, you can be confident that the system you’re getting is stable and kept up to date.
Even if you’ve run an ecommerce website before, you should commit some time to considering legal compliance before making an offer for a business, for a couple of reasons:
Data protection in particular is of critical significance, and being careless with customer information will not only erode their trust in your competence and reliability but also make you vulnerable to severe penalties.
Ask the current owner what their policies are on customer data; how they’ve stored it, how they’ve used it for marketing and support, how they can pass it to you. And if you’re not entirely sure what to make of their answer, run it past an expert in the field before tendering an offer.
Buying a profitable store can be a fast, fun and effective way to approach the world of ecommerce, but be careful to do as much investigative work as possible to uncover possible security threats from its history and its current operation.
By taking the time to do your due diligence now, you can negotiate the best possible deal and make the transition of ownership as smooth and pain-free as possible.
Victoria Greene is a branding consultant and freelance writer. On her blog, VictoriaEcommerce, she shares tips on ecommerce and how brands can take advantage of developments in technology. She is passionate about using her experience to help brands improve.