The signs of unwanted intrusion may be obvious: for example, your company`s website now features an animated GIF of a clown laughing, a collection of pornographic images, or a message that literally says “This website has been hacked.”
Or the clues may be less noticeable: you can’t log in to your site, or you spot a new registered user you don’t remember authorising.
Either way, once you realise your business website has been hacked, you’ll need to take steps — to protect your data, your reputation and your relationship with your customers.
Cybercrime and small to medium sized businesses
The Department for Business Innovation and Skills (BIS) reports that 60% of small businesses experienced a cyber security breach in 2013, while the cost of serious breaches doubled. The average cyber attack now costs small businesses between $65,000 and £115,000.
You can’t afford to be unprotected, and if a cybercriminal penetrates your website’s defenses you can’t afford to keep quiet about it.
Here’s what to do if you’ve been hacked
1: Assess the damage and take immediate action to get your website back under control.
Overestimate rather than underestimate. It’s better to fear the worst and then adjust downward than to assume it’s only a minor problem and later discover the damage is far worse than you imagined. If you’re not sure, consult an expert.
2: Inform anyone who may have been affected.
If your organisation doesn’t admit there’s been a security breach, the damage will be far worse. The criminals may have accessed customer data or collected passwords from your site’s users, so your customers, employees and other stakeholders need to know as soon as possible if they may have been affected.
3: Analyse and protect — find out how it happened and take action to protect your website from future cyber-attacks.
You may want to bring in an independent expert to review your cyber security, for example, and subscribe to an IT management service to keep your security software up-to-date with the latest patches.
Most important, be prepared to discuss the cyber security issue transparently with employees and customers. That’s the only way to resolve the situation without leaving a bad impression.
360ict provides managed IT services and business support to SMEs in central London and the south-east. For expert advice on your IT security, give us a call on 0208 663 4000.