Restoring a hacked website is not as easy as simply running antivirus on the website files and quarantining any infected files. I also doubt, as a small business owner, you have the skill to deal with the technical aspects of recovering from an attack. Therefore, in this post I will provide a step-by-step guide for a non-technical person on how to recover from a hacked website.
The steps in this guide are based on my own experience of having one of my business websites hacked. I hope you will not go through the same pain I did to recover from an attack, but instead learn from my experience.
To recover as cheaply and quickly as possible from an attack on your business website you need to be pro-active and first run through the following tasks. These tasks, if completed, will make the recovery process so much easier – believe me.
Pre-Attack Step 1 – Back-ups!
This One Step Will Increase Your Chances of Recovery – Dramatically!
Question: is your website being backed-up?
No? Then stop reading this post, contact your hosting provider and get it organized ASAP.
Yes? Then stop reading this post, contact your hosting provider and confirm the following:
- How can you prove that my website is being backed-up?
- What is the process to revert my website to a back-up?
- How long will it take to revert to a back-up?
The absolute importance of having your website backed-up frequently (a minimum of weekly, preferably daily) becomes very apparent when you work out that the website is so infected that it’s cheaper and faster to revert to a back-up.
In the case of my business website being hacked, I was lucky enough to have backups – BUT – no one checked them! So the last 6 months of back-ups were corrupted and I had to revert to a 7-month old back-up causing additional costs to me in the form of refunds to contributors and advertisers.
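The check that would have caught this, as an added example that is not part of the original post: walk the back-up folder newest first, read every file inside each archive, and report the newest back-up that can actually be read and how old it is. The `.tar.gz` format, the file names and the `MAX_AGE_DAYS` threshold are assumptions, and the sample archives are constructed for the demonstration.

```python
import hashlib
import io
import os
import tarfile
import tempfile
import time
import zlib
from pathlib import Path

MAX_AGE_DAYS = 7  # assumption taken from the post's minimum schedule (weekly)


def archive_is_restorable(path):
    """Read every file in the archive to the end; damage shows up as an error."""
    try:
        with tarfile.open(path, "r:gz") as tar:
            count = 0
            for member in tar:
                if member.isfile():
                    handle = tar.extractfile(member)
                    while handle.read(1 << 20):
                        pass
                count += 1
        return count > 0  # an empty archive is not a usable back-up
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return False


def check_backups(backup_dir, now=None):
    """Walk archives newest first and report the first one that can be read."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.tar.gz"),
                      key=lambda p: p.stat().st_mtime, reverse=True)
    broken = []
    for path in archives:
        if archive_is_restorable(path):
            age = round((now - path.stat().st_mtime) / 86400, 1)
            # Healthy only if the newest archive is readable and recent enough.
            return {"newest_restorable": path.name, "age_days": age,
                    "broken": broken, "ok": not broken and age <= MAX_AGE_DAYS}
        broken.append(path.name)
    return {"newest_restorable": None, "age_days": None,
            "broken": broken, "ok": False}


def build_constructed_sample(root, now):
    """Constructed test data: three archives, the two newest cut in half."""
    # Hash output does not compress, so cutting the file loses real content.
    blob = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(2048))
    plan = [("site-week3.tar.gz", 1, True), ("site-week2.tar.gz", 8, True),
            ("site-week1.tar.gz", 15, False)]
    for name, age_days, damage in plan:
        path = Path(root) / name
        with tarfile.open(path, "w:gz") as tar:
            for member, data in [("index.html", b"<h1>Shop</h1>"), ("db.sql", blob)]:
                info = tarfile.TarInfo(member)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        if damage:
            raw = path.read_bytes()
            path.write_bytes(raw[: len(raw) // 2])
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))  # back-date the file to its planned age


def demo():
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root, now)
        return check_backups(root, now)


if __name__ == "__main__":
    print(demo())
```

On the constructed sample the two most recent archives fail the read test, so the report names the 15-day-old archive as the newest usable back-up and marks the result as not OK.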
Pre-Attack Step 2: Lock-In Technical Help
Now that we can tick-off the most important task in our recovery guide let’s look at some additional planning tasks.
I will assume that you don’t have the technical skill to recover your website from an attack. So, you will need a technical person to help you with recovery.
The “person” can be the hosting provider’s support team or a third-party person you know of. What is very important is that you know, before you need them, that they will respond quickly when required, sometimes at extremely short notice, day or night depending on your SLAs.
Hosting Provider Help
Check with your hosting provider first if they provide a service to help you recover from an attack. The reason why you should check with them first is that normally the hosting provider will have not only complete access to your website code and database, but also the webserver that is hosting your website.
Sometimes it’s the webserver that has been hacked first so that needs to be fixed first. A third-party such as your website’s developer or designer will not have “god” access to the webserver so you will waste time and money if you first engage third-party help only to find that you need to contact the hosting provider as well.
If the hosting provider does offer a recovery service, sometimes called “Incident Response”, then confirm the following with them:
- Is the service offered 24x7x365? Sometimes the service is only operational during their business hours, sometimes it costs a lot more to engage them outside of their normal business hours. Ensure you check with them on the availability and costs.
- How long does it take to respond? I have heard of some hosting providers providing a 24x7x365 call center but after business hours they only take a message and make you wait until normal business hours to act on anything!
- What are the contact details for the recovery service? If you can, get more than one contact channel, for example an email address, contact phone number, webpage form or pager number.
- What tasks can they offer to help with recovery? Will they revert to a back-up for you? Will they stop traffic to your site while the recovery process is running? Will they examine the website to see how the attack occurred and fix anything they see as a vulnerability? Will they help you restore infected files?
Tip: having trust that your hosting provider will respond as promised when you need them is honorable – but not wise. I recommend that you ring their service out of hours and check that they at least respond.
In this post, when I refer to “third-party help” I am referring to a person or small business that probably helped build the website and may be “hosting” it on your behalf using their own account with a hosting provider. I am definitely not referring to a professional incident response organization that charges $500 per hour and can fly people in from around the world to be onsite hosting a “war room”.
To be honest, I would much prefer getting help from the hosting provider directly, as they are normally set up for responding to attacks, have robust SLAs and have an active and large support team. But if for some reason you need to use a third party, then it’s vital that the two of you have an understanding of what will be required in the case of an attack. Get the understanding down on paper too, as people’s recollection of who will do what often changes in the middle of an attack!
The same questions I presented above for a hosting provider apply to a third party, but additionally you will need to ensure you have at least one back-up third party just in case you cannot reach them or they can’t help.
When my website was hacked, I relied on my web developer, who was a contractor based overseas. This was not a smart idea because he was on a month-long holiday when I reached his rather pissed-off wife at 2am their time. It was a major bummer that he did not tell me about his holiday – I think his wife will also agree.
Create the “Under Maintenance” Web Page
Design an “Under Maintenance” web page that will be displayed to your visitors instead of the hacked website. You do not want your website visitors to be at risk from any malicious code the attackers added to your website in an attempt to compromise your visitors’ computers.
The original website that was attacked should be blocked from Internet visitors and only your IP address and the IP addresses of your technical support people should be allowed to access the hacked website.
Agree on an internal communications plan
One of the most annoying things support people deal with is clients constantly asking for updates on progress. I know of people who ring up support every 10 minutes asking for an update and don’t seem to realize that every time they do this the support person is taken away from fixing the issue.
Agree with the support team on when you will be updated by them with a progress report.
Pre-Attack Step 3: So, Who is Looking After Your Website?
In my line of business, I often provide professional advice to businesses who have had their website hacked. After my own website was hacked 7 years ago, I do have some good advice to offer 🙂
Often, I find there is confusion as to who is supposed to be looking after the website regarding maintenance.
Most of the time, with small businesses, there is an assumption by the business owner that the web developer who built the website is responsible for its upkeep. The web developer, on the other hand, believes it’s the client’s responsibility.
This results in the website never having patches or security updates applied, which 9 times out of 10 is the reason why the website was hacked.
Make sure that there is a clear and detailed maintenance plan for the website in writing. Ensure that the person responsible for patching and general maintenance is defined within that documented plan and that the person has signed the document as a statement of understanding.
The detail should cover when patching is performed (normally monthly, or within 7 days of release when a critical security patch has been released), what happens if a patch fails to install (roll-back) and what software is covered by the patching agreement.
Tip: the maintenance plan should also record who is responsible for backups and define the back-up schedule.
Pre-Attack Step 4: Communication Plan
Create a communications plan that defines all the entities that should be alerted to the attack. This must include your clients, staff, business partners, and any external parties that legally you must inform such as applicable government departments.
If your website accepts credit cards as payment, regardless of whether the website directly accepts the credit card details or the customer is redirected to a payment gateway provider, you must contact your acquiring bank and the applicable card brands ASAP.
If the media would be interested in the attack ensure you have a statement written up for them. The last thing you need is media ringing you while you’re having a panic attack and there is no pre-written statement to read off from.
Pre-Attack Step 5: Website Alternatives
If the recovery process for the website takes more than a few hours to resolve then you may need to think about alternatives especially if your clients rely on the website for something such as functionality or data. For example, if your website provides a service to allow clients to manage their email marketing or provides share-market data feeds, you may have SLAs to consider.
Depending on your business, alternatives could be standby websites, manual execution of tasks or leveraging off a competitor’s website under an agreement.
This all comes under business continuity planning, but my advice in the context of a website attack is this: if standing up a backup website is part of your BCP, then first consider that whatever caused the attack on your primary website, such as an un-patched vulnerability, may also be residing in your standby site. It’s not smart standing up your secondary website only to find minutes later it’s hacked as well. Now you have two websites to clean up!
Okay, all pre-attack tasks have been completed. Let’s move to the steps I recommend taking if your website is hacked.
- Contact your primary technical support team that was setup in Pre-Attack Step 2: Lock-In Technical Help. Alert them to the website attack and ask them to display the “Under Maintenance” web page and lock down the hacked website to only be accessed by your IP address and their IP addresses. If you have followed my recommendations for setting up the support team you should know when they will contact you to provide a status update and what they will be able to do regarding recovery tasks.
- Run through your communications plan so you alert the required entities using your communication templates.
- Check that your mobile is fully charged so you don’t invoke Murphy’s Law and run out of battery at a critical point! Check that your email is working too, as people will often email you regarding the state of your website.
- While you wait for the technical support team to attempt recovery of the website run through your BCP plan that we looked at in Pre-Attack Step 5: Website Alternatives. Depending on the severity of the attack you may be standing up your secondary website – ensure you are ready for this.
- If the technical support team do not contact you at the agreed update time then give them another 30 minutes as they may be at a critical juncture and would rather complete what they are doing. If they still have not contacted you after the 30-minute extension then contact them but don’t be too surprised if they do not answer – sometimes in the heat of the moment having absolute focus on fixing the issue is paramount.
- Hopefully the recovery is a success and your website is back up and running. If not, and the website cannot be recovered then you will probably have to revert to a back-up. This is when you thank me for reminding you to check that your website is backed up and the back-ups actually work. You’re welcome 🙂
- Now that your website is running again contact your technical support team for a debrief of the incident so you understand the following:
  - What was the “thing” that allowed the attack to occur? Vulnerability? Weak passwords?
  - Has the “thing” that allowed the attack to occur been fixed? If not, then what is the plan to fix the “thing” and who is responsible for ensuring the “thing” is fixed? What is the timeline to fix the “thing”?
  - Were there any lessons-learned? If so, how can we improve the response plan using the lessons-learned?
- Run through your communication plan updating the interested parties on the success of the recovery. You may want to provide some detail here regarding what steps were executed – this shows a professionalism in your ability to deal with an attack.
Well done for reading the entire post! If you implement the recommendations I have provided you will definitely be in a very strong position to deal with a website attack.
Finally, I think you will agree that the pre-attack tasks, if implemented, make dealing with an attack so much more controlled and the chances of a successful recovery much higher than thinking your website will never be hacked.
Take These Steps And Protect Your Business From A Cybercrime
You might have read the news story surrounding the events that happened at Mar-a-Lago. The prestigious club favoured by the president was recently breached by a woman who claimed she was a member. She wasn’t. When she was inside, she suggested she was there for a conference.
There was no conference taking place and the woman entered the club with multiple pieces of tech, one of which contained malware data. The president was in the club at the time and it is not currently known what the woman’s intentions were. It is, however, clear that she almost succeeded.
This shouldn’t come as a massive shock. After all, recent reports have suggested that by 2021 there will be a cyber attack on a business every twenty seconds. That’s crazy and it won’t just be big businesses that are exposed either.
Indeed, experts suggest that smaller companies will be targeted because criminals won’t expect them to have the latest protection measures in place.
This leaves an important question: Is your business secure and prepared for the threat of a cyber attack?
Truthfully, the answer is probably no. But you can take steps and make changes to ensure that your business is protected.
Let’s look at some of the ways you can do this, plus here’s a quick recap on what you need to know about cyber crime and malware.
What is Malware?
You don’t need to know the history of malware but it’s kind of interesting, so here’s a short summary. Its beginnings are thought to be in 1949, with computer scientist John von Neumann; however, the first documented viruses were in the 1970s.
Not all viruses are bad, though malware is and it’s thought that a third of all computers world-wide have been infected at some time.
There have been some very hard hitting computer viruses over the years including:
- 2013 – CryptoLocker. This is one of the early ransomware programs. Ransomware in itself is interesting insofar as it denies the user access to their computer with threats to publish the users’ data unless a ransom is paid.
- 2014 – Backoff. Known for hitting the Point of Sale (POS) machines to steal credit card data.
- 2016 – Cerber. One of the most infective viruses according to Microsoft.
- 2017 – WannaCry Ransomware. Appropriately named as many companies attacked by it did ‘want to cry’.
What is Cybercrime?
Simply put, cybercrime is the term given to describe any criminal activity online, i.e. activity that uses the Internet. It’s far-reaching, insofar as it includes everything from ransomware and other viruses to hacking, phishing and spamming.
So, what can you do to make sure your business is protected?
Installed And Up To Date
It’s important to make sure that you are installing anti-virus software. Once it is installed, make sure that you are updating it regularly. Many people think that once you have installed anti-virus software on your tech, your issues are over. This just isn’t the case. Indeed, it’s instead possible and even likely that you fall behind on updates and suddenly there’s basically no protection for your business.
This is usually because people are relying on free antivirus software. Free software is better than nothing, but it’s definitely not the ideal solution. If you want the highest level of protection, then you need to invest in the best software on the market. This isn’t free but it does provide fantastic value for your company.
Choose Strong Passwords
Passwords are incredibly dangerous if they are easy to guess or if they include information that people could quickly access. As such, there should be no personal information used to create your passwords. It should be a random string of numbers and letters. These are almost impossible to guess or hack and as such will keep your sensitive data secure.
The Latest Tech
Do make sure that you are investing in the latest technology and equipment. The latest tech will usually have preventive measures in place to ensure that software is protected, particularly if it is running the latest programs and systems.
You should also be careful of methods for saving money such as BYOD initiatives. While this can cut costs down, you can’t guarantee that the devices that employees use are as secure as they need to be. Investing in the latest technology yourself will always be the best option.
We hope this helps you understand how to secure your business from a potential cybercrime.
How Compliant is your Small Business?
Operating a small business doesn’t mean you can be complacent with how you’re protecting customer data and the prevention of the real threat of credit card theft.
Hacking gangs are alive and well hence the tightening of data protection rules in the western world including the European Union’s GDPR.
So there are two major compliances to work on immediately if you’ve not done so already. Doing the basics to ensure your business is in compliance with data protection laws including the GDPR, even if you’re not in Europe, is a must-do, and here’s how you can get started.
Every website collecting email addresses and more needs to comply with the requirements for protecting customer data. There’s more that’s needed too; see (Website policies) further on in this article.
There is also a pressing concern for all businesses, eCommerce and particularly those in the retail sector, to commit to PCI compliance. You might be wondering what it is and whether your operation is too small to be bothered with it right now.
A really good explanation of what PCI DSS is and why any business transactions using credit cards needs to comply can be found in this article on BusinessBlogs.
Smaller businesses can do a self assessment, and while you might sigh with relief, don’t get too comfortable. You’ll still need to know exactly how to do a PCI self assessment and how to get set up, so that when your business grows it’s got everything in place for external assessments.
PCI and Networks
The real difficulty lies in understanding how sensitive data moves along your network, which is a must for assessment. The wireless LANs and other connectivity points like USBs and Bluetooth can be penetrated, hence they need to be monitored and secure. This is where a PCI compliance specialist comes into their own, not only for your self assessment but also when using external PCI auditors for your compliance.
Earlier on we mentioned protection of customer data and laws like GDPR.
Any business with a website that collects customer data cannot avoid the basic website features, privacy and cookies policies, that allow for transparency of how customer data is collected, utilised and shared.
This really is the norm now and it’s the entry level for all websites so all website developers will implement it, so it’s just the older sites and the Do-it-yourself crowd who need to be aware of the requirements.
Website visitors expect to see the pop up that asks for acceptance of your website cookies policy, and they’ll take the necessary action. Without it, your business is not perceived as being secure and visitors may take no further action, i.e. they’ll exit your site.
All websites should also be using SSL (HTTPS), and be mobile ready. Plus, they should have all the bells and whistles in place to manage customer data collection and management for protection of customer data.
Ignorance is not bliss and it will be hurting your business if your website is not on top of its compliance requirements. Get curious, find out what you need to know and when you need to take action to keep the hackers out and the visitors in.
Why Shopping Cart Abandonment?
Shopping cart abandonment is not decreasing. Buyers add items to their shopping cart but exit without finishing the purchase. The term ‘buyer’s remorse’ needs to be coined another way to describe why online shoppers abandon their shopping carts.
Abandonment is an e-commerce term used to describe a situation in which a visitor leaves a page before completing the desired action. Shopping carts are where abandonment happens the most! The reasons vary from site to site and they’re explained well in the infographic created by Fullestop. We’ve added it to this post for you.
E-commerce sites attempt to decrease their cart abandonment rate; however, it’s a losing battle, with a high proportion of customers still slipping away. In fact, shopping cart abandonment rates in general are actually rising. Business Insider reports that $4.6 trillion worth of merchandise was left in abandoned carts in 2016, up from $4.2 trillion in 2013.
Reasons behind Shopping Cart Abandonment
For the retail sector, these were the most common reasons for abandonment:
• 34% were ‘just looking’ i.e. not ready to buy.
• 23% had an issue with shipping.
• 18% wanted to compare prices.
• 15% decided to buy in-store.
• 6% abandoned due to a lack of payment options.
• 4% experienced a technical issue.
Different explanations have been offered for why buyers abandon shopping baskets. The vast majority of the reasons resemble those in the real-world shopping process. The main explanations behind shopping cart abandonment have been identified as:
Confusion with surprise costs: if it’s not clear how to make a purchase and you leave your prospects on their own, expecting that “they’ll figure it out”, you’re in for a big disappointment. Similarly, if they are suddenly presented with extra costs that they didn’t expect, you are showing them the door yourself.
Alert or secure site: An alert about the website can easily turn into fear. The starting point for a business is website security and assuring customers the website is safe and secure. This includes their shopping cart and, when it comes to credit card data, what information is requested from purchasers.
Most e-commerce purchasers are wary of revealing their personal information, especially credit card details. Purchasers are already nervous and it’s not long before they become suspicious, especially if an overabundance of information is requested from them.