It’s happened. You did everything that you could to protect your website, but you got a message this morning. Maybe it was from one of your team members. Perhaps it came from a client who was trying to visit the site. It might even have come from a vendor that you often work with. Your site is not what it should be. It’s redirecting to a fake Amazon loyalty page. Or all of the latest blog posts are about casinos and gambling. Or are in a different language.
The first instinct is to panic. I know that I did when it happened to us! You’ve been attacked, and it can make it difficult to think straight. What should your next steps be? How can you put an end to the attack as quickly as possible?
Solid Systems is here to help.
Do You Have A Disaster Recovery Plan In Place?
First things first, it’s important to know whether you’ve planned for this kind of attack. Plenty of businesses put together Disaster Recovery Plans (or DRPs), which include details of what should happen when a disaster occurs. An attack would be one of those disasters that you might have planned for, and if it is, you’re already a couple of steps ahead of the attacker.
Find the documentation that you’ve already put together, which will list the people you need to contact, where cloud backups of your site may be stored, and who is responsible for recovering the necessary data. If you’re working with a Managed IT Services company like Solid Systems, letting them know about the attack will be a great step in helping you to bounce back as quickly as possible. You will also want to tell your other team members straight away, in case the attack extends further than your website, so that they can be careful about which emails they open and which links they click.
How Did The Attack Happen?
If you are able to determine how the cyberattack that compromised your website occurred, you will be in a far better position to stop the attack in its tracks, and to protect your website from being attacked in the same way again.
One of the first places to look is going to be your website backend. Are you using any plugins that have gone unpatched for extended periods of time? Has one of your users become compromised? Do you have website users listed under the domain who no longer work for your business?
What Has Been Affected?
The next step in the process will be gaining a better understanding of what changes have been made on your site. Is it simply a redirect that an attacker has implemented on your website, without changing any of your content? Did they add content to your website that needs to be deleted? And are there files that have become corrupted?
Performing a website audit will give you a good idea of what changes have been made, and clarify the way forward. If you caught the attack early on, restricting access, changing all user passwords and updating plugins could be all that’s needed. If the attacker has had access to the backend for an extended period of time, removing them from your systems may prove to be more difficult, as they could have provided themselves with future entry points.
How Long Has The Attack Been Going On For?
If you have a good idea of when changes to your website started, rooting out the attacker and securing your website can be as simple as restoring the data from a cloud backup.
Even if you aren’t actively making backups of your website (which we highly recommend you do), platforms like WordPress will store previous versions of your site which you can restore to. If it’s clear when an attacker gained access to your systems, restoring to before that point is the simplest way of getting your site back up and running.
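An added example, not part of the original article: one way to carry out the audit and dating steps described above is to compare the live site files against a known-good backup copy, listing what was added, modified or removed and the earliest modification time among the changed files. The directory layout, file names and timestamps are constructed sample data, and the function names are illustrative.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def snapshot(root):
    """Map each file's path relative to root to (sha256 digest, mtime)."""
    files = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            files[path.relative_to(root).as_posix()] = (digest, path.stat().st_mtime)
    return files


def audit(backup_root, live_root):
    """Compare the live site with a known-good backup copy."""
    good, live = snapshot(backup_root), snapshot(live_root)
    added = sorted(set(live) - set(good))
    removed = sorted(set(good) - set(live))
    modified = sorted(p for p in set(good) & set(live) if good[p][0] != live[p][0])
    # Earliest mtime among changed files hints at the start; mtimes can be forged.
    stamps = [live[p][1] for p in added + modified]
    earliest = datetime.fromtimestamp(min(stamps), tz=timezone.utc) if stamps else None
    return {"added": added, "modified": modified, "removed": removed,
            "earliest_change": earliest}


def build_demo():
    """Constructed sample data: a small 'backup' and a tampered 'live' copy."""
    base = Path(tempfile.mkdtemp())
    backup, live = base / "backup", base / "live"
    sample = {"index.php": "<?php // home", ".htaccess": "# none", "contact.php": "<?php"}
    for root in (backup, live):
        root.mkdir()
        for name, body in sample.items():
            (root / name).write_text(body)
    # Simulated tampering on the live copy only.
    (live / ".htaccess").write_text("# changed after backup")
    (live / "new-post.html").write_text("content that was not in the backup")
    (live / "contact.php").unlink()
    os.utime(live / ".htaccess", (1700000000, 1700000000))
    os.utime(live / "new-post.html", (1700003600, 1700003600))
    return backup, live


if __name__ == "__main__":
    print(audit(*build_demo()))
```

Treat the earliest change time as a lead for choosing a restore point, and confirm it against server access logs before relying on it.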
What Vulnerabilities Need To Be Fixed?
Getting your website back online reduces the risk to your reputation from people navigating to your site and finding that you’ve clearly been attacked. The next step is to make sure that the attacker can’t get back in and make any changes.
This is where it will be necessary to reset the passwords for every user under the account, just in case the attack was caused by one of them becoming compromised. Then you’ll need to make sure that all of your plugins are up to date, so that any vulnerabilities in the software cannot be leveraged by an attacker to access your site. Installing a security plugin like Wordfence (if you’re using WordPress) will ensure that you are alerted to unusual activity within your account as well, limiting the actions that an attacker can take before they are discovered.
Who Should You Tell?
This question is one of the most difficult to answer. Telling the humans within your business is a must, since they are the ones who will most often be redirecting your clients and prospects to your website. Making sure that your IT team (or Managed IT Services company) are aware is a good start too, but there are others that you may need to inform as well.
If your website is frequently visited by your customers, and you have a login portal that it is likely your customers would have used during the attack, letting them know about it may be necessary. As much as you may want to limit the exposure that the attack gets to save your reputation, a sure-fire way to ruin your reputation is by having your clients learn that you hid the truth from them. And this is especially the case if their login credentials or personal data became exposed during the attack.
In cases where you do need to inform your clients about an attack, the way that you do it will be all-important. You will want to make sure that you reassure them, showing that you resolved the attack as quickly as possible, and that you have taken every step that you can to protect their data, and to ensure that it will not happen again.
How Can Solid Systems Help?
While we are far from website specialists, we can help you to put the right technologies in place to ensure that you are as protected as possible. Our wide range of solutions includes cloud backup, Disaster Recovery Planning, IT and Cybersecurity audits, and so much more. We want to make sure that you are able to step into the future with confidence, and to help us on that mission, we plan for the future, ensuring that your technologies are not just helping you to reach your goals, but keeping your business safe in the process.