Business hacks: How to protect your website against hackers

Responding to a hack

What should you do if you discover your site has been attacked? “The simplistic answer is to shut it down right away,” suggested Greer-King. “Make sure it’s cleaned up before you bring it back online, so you can’t infect anybody else. And put measures in place to make sure it doesn’t happen again. When you see a site that keeps coming back and then being taken offline again, that suggests they’re cleaning it, but not putting security measures in.”

“Assume that the website and server have both been compromised,” added Trump. “Changing your passwords is advisable: the criminals will have compromised the website and the OS.”

There may be legal processes to think about too. “If you’re required to be PCI [Payment Card Industry] compliant, you may need to hire a PCI-certified incident responder,” said Sanabria. “The PCI Security Standards Council has a list of certified responders on its website at pcisecuritystandards.org. And think about local law enforcement: it never hurts to start a relationship with these organisations before you have a breach. Sometimes they can share information about threats, helping you to avoid being compromised in the first place.”

Perhaps the trickiest question is what to say to your customers after a breach. Being hacked can shake confidence in your business, so it’s crucial to send the right message.

“Any security incident, especially if it will become public information, should be treated as an opportunity,” said Sanabria. “Respond quickly, transparently and in your customers’ best interest, and a compromise could actually earn you respect and a better reputation in the long run.”

Greer-King agreed: “I was talking to someone recently who’d been breached, and he said the company had actually benefited hugely from it. Customers appreciated their honesty. People were saying ‘we understand that you’d taken appropriate security measures, so how can we learn from what happened to you?’ When something happens, the initial instinct might be to try to sweep it under the carpet, but there’s a benefit in being public and open.”

You can expect a harder time if sensitive data has been breached. “If you didn’t encrypt your customers’ information you could be facing a substantial penalty, not to mention ill will with your customers,” warned Ian Trump. “In this case it will take a lot more than an apology to make things right. You’ll need a lawyer and a PR firm to help. A personal touch can also be advisable when a business has faced a crisis – such as a personal call from the CEO to major affected customers.”

Have a plan against hacks

When it comes to minimising the risk from a website attack, your best bet is not to wait for the worst, but to anticipate it. “When bad stuff happens, that’s a moment of crisis, and not necessarily a time when clear heads will be determining what to do,” said Greer-King. “So consider your response in advance. Try imagining that a breach has occurred and think about the impact – have credit-card details been stolen, or customer records? Is it just ‘noisy’? Then you can work out an appropriate process.

“Every company, no matter what size, ought to be thinking about this. It’s very common for small businesses to assume they won’t be a target, but they have more importance than they might think.”

Images: Alexandre Dulaunoy and Sebastiaan ter Burg – Flickr
