The Cost of Being Hacked
An Ounce of Prevention is Worth a Pound of Cure
Imagine waking up one day to the sound of a loud CRACK... CRASH! You are startled and run into your living room to find that a large oak tree has fallen onto your house.
You go out and begin investigating only to realize the center of the tree has been hollowed out by carpenter ants. You had noticed them climbing up and down the tree this year, but couldn't have imagined the situation had gotten this bad.
Now, you have to call a tree removal service, a contractor to fix your house, and figure out how you are going to prevent rain and other elements from getting in before repairs have been completed.
Hacking Happens
The longer you own a site, the more likely you are to become a target of a hack. If you can proactively identify and patch security threats, you may never experience a successful hack, but that doesn't mean people won't try.
You may think that your new website is built securely, and there's a good chance it was. However, there are things like "zero-day vulnerabilities" that can be discovered and exploited over time. This means while your site was secured to the standards available at the time of launch, new exploits may reduce its level of security as time goes on. If you have a site, you have to take ownership and either proactively maintain it yourself or hire a service to do so.
What is a Hack?
Hacking can come in a variety of ways, but all can damage your reputation. Malicious users can manipulate the content or resources of your site, including anything from server-side scripts to images. They can even redirect your site to less than desirable domains.
If you catch the hack too late, not only will visitors be exposed to malicious scripts, but your Google listing will get flagged as being potentially hacked. The flag can take days or weeks to remove, so it is important to stay aware of your site's health.
How To Go Back To Normal
Once you're hacked, it is best to just forget what content you have and revert to a clean backup. If no clean backup is available, you can expect to pay anywhere from $200 to $1000, and in some cases, even more, to have a service remediate your site. Unless you are a professional, do not attempt to resolve a hacked site on your own. This is just the dollar cost of repairing, but you also need to communicate with visitors that may have been exposed to your hacked site, which costs your reputation and trust. Depending on the purpose of your site, e.g. banks, stores, or sites that collect personal information, it may even be required by law to alert all visitors of potential data breaches within a specific amount of time.
Site hacks can destroy your current files. More complex hacks will inject scripts into existing files on your site. This is why it is important to count your losses and restore a clean backup. Any infected file brought over could create a new vulnerability and bring you back to square one.
Before You're Hacked
If you are lucky enough to have not been hacked yet, make sure you follow a few simple steps to prevent catastrophic issues in the event of a hack.
1) Have Backups
When a site is hacked, it is not a good idea to move any files from the infected site to a clean site. If no backups are available, it could easily triple the cost of a remediation as the developer has to scan and test hundreds or thousands of files. The added cost doesn't necessarily mean they will be able to recover everything either. The best way to ensure recovery is to have a clean backup to restore from.
2) Regularly Update Your Site
Find out what platform(s) your site is running on and subscribe to their update or security newsletter to be promptly informed of new threats and patches. Keeping your site up to date is an easy way to prevent vulnerabilities, and it makes it easier to add new features to your site down the road.
3) Utilize a Web Application Firewall
Web Application Firewalls (WAFs) are services that can prevent bad bots from probing your site or running malicious scripts. They aren't 100% reliable, but they can help in certain scenarios.
4) Stay Proactive!
Websites are not set-it-and-forget-it. You must be aware of the health of your site and make sure it is functioning. You wouldn't buy an office for your business and then never visit it, so don't do that with your website.