Hacked Small Business: 5 Lessons Learned –

From flickr user

This week, my small business website was hacked. Yikes! It’s cliche, but true: I really didn’t think it could happen to us. We’re so small, who would really care about tapping into our traffic and data? It turns out, someone out there does, because I discovered a malware redirect on our website that was stealing our traffic and attempting to corrupt visitors’ computers. We were able to handle the attack without major incident, but the experience has been eye opening for me and the security of my business. Here’s what I’ve learned this week:

  • Yes, it can happen to you. When most people think of hacker targets, major financial websites and email providers come to mind, not a small business. So many small businesses think that because they’re not a huge target, we’re flying under the radar of hackers, but it’s just not true. It turns out that small businesses are a growing target for hackers. While most larger firms have shored up protections, small businesses are often low-hanging fruit for hackers, making it easy to break in and take over.
  • Hacking is a major productivity buster. Our breach was small, and dare I say it, manageable. Only one type of file was affected on our relatively compact website, and it was simple (yet time consuming) for me to go through and delete the malicious code that had been added. After setting up a few scans for my computer, I’m pretty sure the threat has passed. If our website or business was much larger, it could have been an even bigger task, but even with just a minor hack, nearly an entire day of productivity was wiped out as I worked to figure out what exactly had happened and set about fixing it. It certainly threw a wrench in my plans for the week.
  • Getting hacked can impact the credibility of your business. I found out we’d been hacked because a few of our clients gave us a heads up: they got error messages that our website was unsafe. How embarrassing! When we share a link, I want our customers to be confident that it’s safe to visit our website, but now, they may have doubts. We caught the breach early and it largely went unnoticed, but a more widespread and extended hack could cause serious problems for our website traffic and customer confidence.
  • We were not at all prepared to be hacked. Our passwords for just about every business login had all been the same, and we hardly ever back up our website. Sure, we have strong passwords, and we are religious about backing up our computer data, but it’s clear that we have some pretty big holes in our security. We’ve since implemented a variety of passwords, updated everything, and backed it all up. We were lucky not to lose a thing this time, but next time (yes, I am planning for a next time), we might not be so fortunate, and it’s better to be prepared than sorry.
  • There’s a lot you can do to prevent and manage the threat of hacking. Until this week, I hardly gave a second thought to having our site breached, so it’s not really that surprising we were targeted. But it turns out, there’s a lot we could have been, and are now, doing. Keeping your website software updated is one big step, as updates usually have the latest protection. Using a variety of passwords, and changing them regularly is another. It’s also important to keep all of your sensitive and important data backed up, whether it’s on your small business computers or on your website. Don’t have time or know-how to stay on top of your security? There are plenty of companies happy to cover the task for you. Our host offers a site scanner, and we were recommended several different services that regularly monitor and protect your site for a fee. Of course, if you’re die-hard DIY like many small business owners, you can certainly tackle this task yourself, just be sure you know what you’re doing.

Has your small business ever been hacked? What was your experience? Are you a target, and are you prepared to handle being hacked?