There are few online challenges as aggravating as discovering that your website has been hacked - but, it happens.
In fact, it happens to hundreds or even thousands of companies every day. In many cases, the initial "break-in" is avoidable. But, regardless of how it happened, it's up to you to figure things out and move forward. Let's dicuss how.
Believe it or not, it's not always easy to tell your website has been hacked. Obviously, if you discover that your pages now display something different than they used to, along with a message that you've been hacked, that's a pretty good clue. Or, if you find that your website suddenly redirects to a page in the adult entertainment industry, or maybe an online casino, that's a pretty obvious sign that your site has been compromised.
However, sometimes signs are a little more subtle. It could be that new links show up on your pages, you start seeing some very unusual traffic patterns, or you could even be informed by a third party (like Google) that your website is having security problems. You should be very careful about this last bit, though, as the email you get about hacking could itself be an attempt to spread viruses or gain access to your site.
For the past couple of years we've seen a noticeable increase in customers reporting hacked sites in our forums and we've tried to help them as much as we can. And the issue isn't going away ... ever ... in fact, it's only getting worse. - iThemes
First Steps to Take When You've Been Hacked
Regardless of how you figure it out, here are the first things you should do when you realize that your business website has been hacked:
1. Call for help. There's no time like "now"! to reach out to your hosting company and/or web team. Or, if you don't have a reliable partner to work with, this gives you the perfect excuse to find one. They can be invaluable in helping you to get your business (yes, business) back up and running again.
2. Take the website offline immediately. After it's been compromised, your website probably isn't going to be very useful to you (although it might be doing lots of good for whoever hacked it). Plus, you could be creating security problems for your customers and colleagues, which could even damage your reputation.
3. Find the source. Your IT or web team should be able to check the logs of your website and determine how hackers gained access, as well as what kinds of changes have been made. If you have a backup, fixing it might be as simple as reverting back a few days and plugging the hole.
4. Scan your computers. You don't want the problem to spread from your website to other pieces of technology within your office, so make sure that all of your hardware is scanned thoroughly with a reputable antivirus package before you open up internet access to your office again.
5. Rebuild your website. This could be as simple as restoring a previous backup, or as complicated as building a brand new website from scratch, depending on the level of planning you had in place before you were hacked. Either way, you want to ensure that the new version of your site is as strong and secure as you can make it.
6. Change your passwords and security. You don't want to fall for the same trap twice, so make sure you use strong passwords (you can see some tips on passwords in my recent article here), a good firewall, and current hosting package/software updates.
7. Notify customers and contacts if necessary. Depending on the type of attack and extent of the damage, you might want to notify customers about the security problems. It isn't going to be an enjoyable conversation to have with them, but it's better than letting them learn they got a virus from your site from their IT department (or a competitor.)
Dell SecureWorks estimates that CryptoLocker has infected 250,000 victims. The average payout is $300 each, and millions in laundered Bitcoin have been tracked and traced to the ransomware's money runners. - Violet Day at ZDNet
Avoid First and Future Hacking Attempts
The vast majority of hacking attempts aren't sophisticated, well-executed crimes, but simply petty thieves coming through the "open doors" allowed by weak passwords, out-of-date software, and relaxed security standards. In other words, they take advantage of known exploits, or sloppy security, to just march in and make any changes they want to.
By limiting these opportunities - and keeping current backups of your website - you can prevent hacking and minimize the damage all at the same time. No site is completely immune to unauthorized access, but taking a few simple steps is all that's needed to ensure that you aren't an easy target.
Disclosure: KAYAK deploys BackupBuddy by iThemes on our clients' Wordpress sites. It rocks.