By: Brenda J. Trainor
Owners of small businesses are busy enough keeping their operations going, and few of them have time to also be expert webmasters to handle all their electronic communications. But, the small business owner must be a jack-of-all-trades, or at least have some knowledge about a lot of different areas to avoid some dangerous pitfalls.
Sometimes a disaster will befall your website, and you should have a plan in place to respond should a catastrophe strike.
Chances are if your business has a website (and of course you should have one!) it might be compromised someday. Unless you are engaged in some highly lucrative or secret endeavor, your site is not likely to be the victim of corporate espionage or vindictiveness. What is more likely is that some annoying little nerd with too much time on his hands has launched a program that went searching on the Internet to find a vulnerability in your hosting software, and it has found your site and compromised it in some fashion. It probably isn’t personal.
Suddenly, your site might be directing people to porn, or some other crooked scheme that is not what you want your customers to see. Your site has been hacked - what do you do?
First, stay calm - you can recover from this catastrophe. Depending on the nature of the hack, you just need to systematically rebuild your site and its security and relaunch it successfully. It probably won’t be too hard, if you’re lucky.
The key to planning the successful recovery is in having good site management in the first place. Your site is probably hosted by some service, and that service should have some built-in protections. For a well-managed site, you should have a set a master files and a good security system. That means that the system administrator has high-level passwords that are changed periodically and a good security program that scans your software regularly to assure that your files aren’t being compromised. It also means that your system is backed up regularly. So at all times, you should have ready access to a clean set of master files ready to relaunch, just in case.
Of course, you need to know when your site is compromised if you want to be
able to recover quickly and minimize disruptions. Since you probably aren’t on your site all the time (after all, you are running your business), a simple step is to use a site-monitoring program.
This is a service that regularly goes to your site and will send you an email immediately if there is something wrong with your web site.
There are a lot of these free services (just Google “site monitoring free” for a long list of options). Just be sure that you use an email contact that you check frequently during the day, and consider having a close ally on a second monitoring service who will contact you quickly should they be contacted with news of a breach. Think of this as belts and suspenders.
When you discover the hack, immediately contact your hosting service and follow their instructions. First, take down your site - just accept that you’ll be offline during the recovery, which is preferable to perpetuating the hack. Then, you’ll likely need to reload a clean version of your site’s software that you have stored. You’ll likely need to change your pass codes and reestablish your security keys. Of course, you’ll want to run a security program on your files to be sure they clean and free of any viruses or malware. You’ll want to be sure that any third-party scripts that you use are clean and from reputable services.
You’ll want to upgrade your security software and run a system check. You might even want to use a free service and run it as well as a double check. With everything stripped down and cleaned up, you should be ready to reload and get back in business. You will lament that time you spent in recovery, and you’ll be annoyed at having to go through all this, but with the proper planning and a calm approach to recovery, your site will soon be back up and the disruption should be minimal.