No matter how many resources you’re devoting to cyber security, a website hack is still a very real possibility. An ounce of prevention may be worth a pound of cure, but all the same, you need to have a plan in place for what you’re going to do if your site gets hacked.
Cut The Hackers Off
Before you try to fix the hack, you have to cut the hackers off. Change passwords. Take your server offline. Do whatever you have to do to ensure that no more damage is being done.
Put Your Users First
You can fix a website hack. Lost data can be restored. User trust is much more difficult to earn back once it’s been lost. Right away, you need to start doing damage control with your users.
The most important thing here is transparency. Your users have trusted you so far, and you need to reward that trust by being completely honest about what’s going on. If they need to change their passwords, let them know. If some of their data has been compromised, make sure that they are aware of this. It’s not just your website that’s been hacked; it’s the data of everyone who uses the site. Make sure that your users know what’s up so that they can respond accordingly.
Break The News
If it’s a major story, then it’s a story that you need to take control of. In tech reporting, the story that breaks first is usually the version people stick to. If you break the story yourself with a press release to relevant blogs and websites, then you can cut off damaging speculation before it starts.
Take Preventative Measures
The silver lining to a website hack is that it teaches us where our vulnerabilities lie. This is why companies like Google offer bounties to anyone who can crack their security.
This is only a basic guideline. Talk to your people: hold a meeting with your tech staff and your public relations people, and make sure that you have a comprehensive plan in place should somebody break into your website and steal data from you and your users. No matter how good your security may be, there are no 100% guarantees in tech. Security is always playing catch-up, always figuring out how to combat what hackers have already done in the past. This means that learning as we go is just part of the job.