Ten years ago, having a website was a geek badge of honour, but today it’s far more than that. Your website is a virtual representation of you or your company. If it gets hacked, the result could be devastating to your reputation – and your income. If you know how to communicate in a crisis, then you can minimise the damage, but first you need to understand what’s going on.
You may think that it’s highly unlikely that your site would get hacked – after all, you’re just an independent company selling a niche product to people in your local area. You don’t have any enemies – and you’re not big enough to get on the radar of a hacking group. Sadly, that’s not how hacking works these days. Targeted hacks do happen, but the majority of websites that get “hacked” are simply victims of complex scripts which scan the Internet for vulnerable servers and content management systems and infect them. Those infected sites then look for more sites to infect, and so on, spreading rapidly.
So, you could be attacked simply because your web host chooses to use a particular version of some obscure software that you didn’t even realise was installed.
Signs of A Hack
In some cases, a hack attack is immediately obvious – your website may be defaced with a “hacked by” slogan, or it may be completely broken. In other cases, however, the hack may be more subtle, and the first you’ll hear of it is when Google flags your site as an attack site, because a script on your site has targeted visitors from certain countries and infected them with a virus.
Having your site flagged as dangerous by Google is a serious problem, and this is where your crisis management skills will be tested. You’ll need to figure out how your site got infected, clean the infection, and get Google to un-flag your site.
Here’s a step-by-step guide:
- Take your site offline as soon as you realise there’s been an attack.
- Inform your web host, and ask them to look into security on their end.
- Get your IT guy to look at your site and see if they can figure out what the malicious code did, and how it got there.
- Now’s the time to test your ability to communicate in a crisis – once you know the extent of the problem, send out a mail to your existing customers letting them know that they might see a warning, but that things are under control. If you think regular visitors might be at risk of viral infection, include a link to a free virus checker as a courtesy.
- If you have a Google Webmaster Tools account, use it to remove any infected pages from the listings so that those pages don’t get served in search results.
- Restore a clean backup of your site, and if necessary patch it up to date so you don’t get attacked again.
If you run a content management system such as WordPress, Joomla, or Mambo, then you should make sure that it’s up to date at all times, and that you keep plugins updated too. Being able to effectively communicate in a crisis is a good skill, but prevention is better than crisis communication!