As much as you’d like to convince yourself and the world otherwise, your business website, like every other one out there, is susceptible to a website hack. Even enterprise-level companies with millions to spend on encryption and complex data security measures have security vulnerabilities that can and will be exploited by hackers. Whether the hack is cause-driven or arbitrary, the simple fact of the matter is that your business will be adversely affected by a website hack and you need to be prepared. In this post we’ll cover six crucial steps to take after a hack to minimize business impact and lower the chances of it happening in the future.
Six Steps to Recovering from a Website Hack
- Notify Your Customers — In this instance, keeping a website hack a secret from your customers isn’t a smart PR move. In fact, it can do more harm than good. The first thing you should do—especially if you’re a financial institution or ecommerce company—is fill your customers in. Even if you don’t know exactly what happened, tell them that a data breach occurred and that you’re looking into it. It doesn’t have to be an in-depth announcement, but just making one will go a long way. In the event of a hack, transparency is your best friend.
- Investigate the Hack — Immediately gather your IT staff and start investigating the hack. Find out exactly what occurred, as quickly as possible. Determine the type of hack, what could have possibly motivated the hacker and what aspects of your business are affected.
- Give Your Customers Actions to Take — If your customers or site users are affected, immediately give them actions to take. This can be anything from changing basic personal account information like passwords and email logins to cancelling old financial accounts and updating with newer, secure accounts. This needs to be handled quickly and delicately. Reassure your customers that you have everything under control.
- Ramp Up Security — Be candid about vulnerabilities in your data security system. Don’t be afraid to ditch security measures that are either not working effectively, or that might have even contributed to the hack. Research new methods of encryption. Get something new in place as quickly as possible before you deploy the full version of your website again.
- Investigate New Hosting Options — Does your current hosting plan offer the kind of security your site needs? If you’re on a shared server, it probably doesn’t. Consider switching to virtual server hosting. You’ll still share hardware with other users, but your server will run in its own virtual sandbox, insulating you from others’ security mishaps.
- Develop a Disaster Recovery Plan (DRP) — Meet with a DRP consultant to get a solid disaster recovery plan in place. Surprisingly, only a small number of SMBs and mid-sized organizations take disaster recovery seriously. Whether you’re dealing with a data breach disaster or a real-life natural disaster, you can’t afford to delay any longer in putting together a working disaster recovery plan.
The Future of Data Security: Re-thinking Encryption
One of the big problems with modern data security is that many companies keep trying the same old things while expecting new results. Password encryption is no longer the safeguard that it used to be, and really hasn’t been effective for a long time. Companies need to start looking into two-step verification processes to ensure higher levels of customer/user data security in the future. This isn’t going to be an easy sell, but it’s important to try.
Credit:
Emily Miller is a marketing professional and small business blogger who contributes regularly to Technected. She is currently working to help startups and small businesses implement technology solutions for their companies.