February 5, 2019 by Diana Bocco

What to do if Your Website was the Victim of a Cyber Attack

A 2015 internet security report found that 60% of cyber attacks were aimed at small to medium-sized businesses.

What to do if Your Website was the Victim of a Cyber Attack

This was partially due to the fact that there are so many more small businesses than large businesses, but it is also because smaller businesses don’t have the same resources at their disposal to defend against hack attacks. What should you do after your website has been the victim of a cyber attack?

Be aware of it

You can’t deal with a cyber attack if you aren’t aware of it. A director of Microsoft Asia said that it takes an average of 200 days for small businesses to find out they were hacked. That’s more than enough time to steal the credit card information of your regular customers and other important information. Warning signs include computers, servers, and websites operating slower than normal.

Minimize the damage

The next step is to minimize the damage. If a server is infected, disconnect it from the network. If your website has been hacked, you’ll need to work with your web hosting service.

Call in your IT team to investigate the suspected hack or call in digital forensics experts to determine the scope of damage. The team at SecureForensics forensic investigation will be able to determine how it happened, map out what they’ve done, stop it from continuing, and develop a plan to protect against future attacks.

Restore your systems

You need to recover your systems. This may include restoring uncorrupted data from backups or mirroring your website so that it is back up and running. You’ll need to restore your operating systems to their original condition, plus the patches or security software upgrades they were previously lacking. As part of this process, you need to implement up-to-date security upgrades. Later, you’ll need to make certain that IT management keeps these patches and IT security tools up to date.

Understand the impact

You need to understand the impact of the hack to respond appropriately. For example, you need to know if customers’ personal data was breached so you know the legal implications of the breach. If their data was stolen, then you may be legally obligated to inform your customers of the hack attack. If your financial accounts were compromised, you will need to notify your bank or freeze your accounts. Depending on the situation, you may need to file a police report. That is essential if your business’ bank accounts were drained.

Plan preventative measures

You may need to train employees how to identify phishing attacks and not fall for them in the future. Teach them how to verify the identity of someone before resetting accounts or giving them sensitive information.

Your IT team may install better anti-virus and anti-malware tools on your network. Host intrusion detection or a better firewall may be on the list. Better automated backups of mission-critical data systems minimize the data loss if you have to wipe a corrupted database. Improved password management may stop a hacker who gets one admin password from accessing other systems. If the point of failure was an employee bringing a personal device to work, either limit their ability to use their own devices for work or require them to have company approved anti-malware installed on their personal devices.

Conclusion

Small businesses are under attack whether they know it or not. You must know how you’re going to deal with a hack attack appropriately as quickly as possible to minimize the harm and prevent it from destroying your business.

Is your website available? Testomato can check your website availability every 15 seconds from 10 different locations around the world and will send you an alert if the site is unavailable.

Keep track of the important parts of your website with simple checks that can run every minute. They can check plain words, HTML code, HTTP headers, redirects … and much more. Never miss anything.

Websites break, it happens all time. You'll be the first to know. Testomato has an extensive database of and will let you know if it finds any error on monitored url.