Fighting Off Hackers: 5 Things You Need to Know
Even the biggest websites get hacked. But a few smart moves can help limit the damage. How to fight off hackers when they strike.
Posted 1/6/11 at 7:00 PM | 5 Things You Need to Know, Technology, Legal Issues, International Business, Online Business, Business Products & Services, Computer Hardware, IT Services, Security, Software
Almost every day, it seems, we wake up to more international gossip disclosed by WikiLeaks and founder Julian Assange. And attempts to choke off support for the leaks have brought out the hackers. In December, for example, both MasterCard and Visa saw their websites invaded by WikiLeaks "hacktivists" after the companies blocked donations to the controversial site. Fortunately, customers' credit information was not compromised. But other companies are far from immune to website hacking. McDonald's, Walgreens and Gawker Media have had their own problems with hackers recently.
If you're running a smaller business or personal website, you may feel a little safer, a little more under the radar, from hackers. Still, every business is susceptible to some extent, and while data on exactly how much businesses lose each year to hackers is hard to come by, estimates are in the trillions. The threat only gets bigger.
So what should you do if your website is hacked? Here are five things you need to know.
1
Stop what you're doing.
Being hacked is a little like entering your home or office and finding it burglarized. And just like that scenario, when you discover that your website is under attack, the hacker could still be lurking. "If you recognize your website has been hacked, the first thing to do is have your hosting provider suspend your site immediately so the hacker or attacker can't continue to leverage your website to distribute malicious software or steal sensitive data," says Sean Bruton, director of security at NeoSpire, a Web hosting company headquartered in Dallas.
2
Determine the scope of the damage.
After the initial shock wears off -- but hopefully before emotions, like rage, settle in -- you need to take stock of what the hacker has done. You can't possibly figure out what your next step is until you understand what the hacker's goal is. Are they just trying to make you look bad, by defacing the website, or did they manage to steal credit- and debit-card information? Or something else?
"Hackers are not necessarily looking for e-commerce sites only," says Carmine Morra, director of interactive media for The Donaldson Group. Instead, they may be "looking for easy access to gain e-mail lists." Meaning the hackers may have been after a free and easy way to build up their methods of spamming people. And if they did get into your customers' financial records, that, of course, is a much more serious problem.
3
Don't keep it a secret.
If you've been hacked, you've been hacked. Don't hide it -- not from your vendors, not from your staff and especially not from your customers. "They are smart and will understand that you're also a victim," says Mandeep Khera, an online-security expert with Cenzic, a Santa Clara, Calif.-based company that specializes in protecting businesses from hackers.
Audrey Gendreau, assistant professor of computer information systems at Saint Leo University in Saint Leo, Fla., points out that it's not just ethically sound business to contact everyone who may be affected by the cyber attack -- you're often obligated to, unless you want to run afoul of your credit card issuers and possibly the law.
"The Payment Card Industry represents a consortium of credit-card vendors that dictate how merchants must safeguard their credit cards," Gendreau says. "In accordance with this consortium, the business must notify the card holder immediately and contact the vendor when credit card information has been stolen. If the business was not in compliance with PCI when the breach occurred, they could be fined and lose their merchant status with the credit-card vendor."
Even if you aren't concerned about the fallout from your credit-card vendors, Khera adds that "many state laws, like California SB 1386 and AB 1950, require you to let your customers know if their information has been stolen."
4
Identify your vulnerabilities.
Granted, unless you know something about source code, this is probably a job for your tech team or hosting company. But it's a vital step in the process of getting yourself unhacked, since you've shut down your website, and it would be ridiculous to start it up again until you know what went wrong. Keep in mind, hosting providers won't accept responsibility for a hacker invading your website.
"Even if a business has a hacking monitor and prevention service, and its site gets hacked, the service provider won't take responsibility," says Morra, adding that it's similar to how security systems in a home or business work. "If you have an alarm system in your home, the alarm company won't accept the responsibility for your home if you get broken into."
5
Plan for the next attack.
Lightning can strike twice -- and so can hackers. "The fact of the matter is that bad things happen," says Bill Roth, executive vice president of the IT data management company LogLogic, an international firm headquartered in San Jose, Calif. "You will be hacked. You may have already been hacked and not know it."
So how do you prepare? "A rational organization will do three things," Roth says. "First, put up the best defenses you can. Second, implement the best people-processes you can. Finally, be ready to clean up and perform forensics when you do get hacked. It's important that you know what's going on inside your network since the majority of threats come from the inside."
Geoff Williams is a regular contributor to AOL Small Business. He is also the co-author of the book Living Well with Bad Credit.

Comments (Page 1 of 1)
Dear Sir. I have been hacked and all of my friends are getting bad ads under my AOL account. What do I do to stop this? Dan
I do not know if my comment went through. I am a contractor with an AT&T yellow page web site. Last year, every time I looked up my ad, I could not find it. I have been dealing with YP.com throughout 2010. They could not find it either. Could find it in Google but not YP.com. Now there is only one other company that does what I do. I am wondering, after reading some of the comments, if it is possible for someone to mess with my website like that. Thank you.
Well it seems to me, we are just too Liberal on these Hackers..
We have to Set up more Strict laws to punish them and not a Slap on the wrist and let them go..
Kids or not.. makes no difference.. These PC's are giving a Kid a Gun...
We have Foreign countries even hacking us !
Brings up the issue of more Control over Using the Internet
Let's ask the Internet founder for advice what to do? Al Gore
I just think this is breathlessly bad advice, in my personal opinion.
If your website isn't hosted on a professional "hosting site server", it damned well should be. The days of hosting a site out of your back room are over -- and typically you can't even get a static IP from Comcast, Qwest, et al., to DO it! It's specifically banned.
Sure, you can get a T1/E1 line, if you want to pay through the nose.
A good professional server generally takes care of this stuff, because:
(1) They've been hacked more than once.
(2) They're calm because they've been through this stuff.
(3) They know what to do because it has happened to them before.
That's my advice.
-- Dave
Being hacked is similar to being married...Simply pitch your computer or your wife & start over...Treat a hack job the same as you would a virus. Treat a marriage the same as you would the plague!
Fighting off hackers? How 'bout not being so complacent about it happening like it's 'supposed' to! I don't know how to do it, but isn't there anyone who gives a damn to locate and prosecute instead of being complacent and going "oh well it happened again!"
People don't give a hoot about hackers unless they're personally affected. You're only concerned about YOUR personal info. being hacked on sites. You don't care about others. Maybe that's why no one gives a hoot about stopping hackers and not promoting them like they're the greatest thing since sliced bread when it's against someone like WikiLeaks only to get mad when the same hacker goes after you.
But what do I know! Half the time my comments are never printed because I don't say the 'right' thing anyway.
Hi, how are you? I was hacked by mystery shopper.
They stole my password. I had 939 emails from the hacker. I didn't do mystery shopper.
I was mad because they think it's funny, but it's not. It messed up my laptop big time, then I almost got in trouble with Mom because of it.