cyber attack? 4 steps to secure a website!
Exciting Project: Securing and Restoring a Website After Attacks from Hong Kong. Find out how we successfully restored content and got the website up and running again after facing cyberattacks from Hong Kong.
Cyber attacks are no longer the exception but the rule in today’s digital landscape.
Cyber-attacks are no longer an exception but rather the rule in today’s digital landscape. Hacker attacks can lead to the destruction of websites, theft of customer data, and significant economic damage through the encryption of businesses’ IT systems. In Austria, the number of ransomware attacks has seen a substantial increase. According to a study by Deloitte and SORA, almost half of the surveyed companies have already experienced a ransomware attack. Despite this threat landscape, only a few businesses have a crisis or emergency plan in place.
The damage is often not only of a technical nature.
In the case of our client, their long-maintained website suddenly became unusable. Although backups were available, it turned out that they were just as “infected” as the website itself. The attackers couldn’t be simply removed from the system as a result.
The contents of the website – images, texts, and layouts – were thus lost. This was a hard blow because these “old” contents were crucial for the rebuilding process, as they were meant to build upon the work that had already been done.
While the technical damage is quickly recognizable and assessable, the communicative damage is difficult to quantify and replace. When all texts, images, UX and UI designs, as well as customer communication, need to be completely re-conceptualized and created anew, it presents a significant communicative challenge. The financial damage is much greater in this case than if it were possible to build upon existing materials.
How do you secure the content of a website?
A solid IT security concept and measures for detecting attacks are of crucial importance. It’s also essential to raise awareness among employees through training regarding IT security sensitivity and to educate them in the proper operation of technical systems.
On a communicative and design level, it’s important to archive and maintain content in a structured manner. A systematic approach in communication defines and documents when, where, and how various customer groups should be addressed. This prevents the need for repeating work and allows for accessing a content and design system in case of damage.
The following measures can be taken to secure a website:
- Regular implementation of security updates.
- Changing the system when updates are no longer supported.
- Systematic and long-term creation of backups.
- Use of firewalls and security scanners.
How could we save the content of the website?
Step 1: Use a secured system.
When accessing a hacked website, self-protection takes top priority. The first step involved using a dedicated computer solely for this purpose. This computer was reformatted and contained only the operating system and necessary tools, with no additional data.
Step 2: Use a secured network.
Mobile internet offers a higher level of security compared to DSL routers or Wi-Fi routers. DSL routers are relatively easy to decrypt and hack, while Wi-Fi routers can be vulnerable to external attacks. Mobile data is encrypted and transmitted over 5G, 4G, or LTE networks, which are connected to the internet through a mobile service provider, providing authentication and identity protection.
Step 3: Use a VPN (Virtual Private Network) and a dedicated IP address.
Using a VPN service provides an additional layer of security. A VPN service hides your own IP address behind another, in this case, a fixed IP address in Düsseldorf. This was crucial as the client’s website was no longer accessible online to prevent further access. However, by using the VPN IP address, we still had a way in.
Step 4: Content and Design Securing Strategy.
To successfully carry out content backup, it’s helpful to take the perspective of those who will work with the backup later on. It’s important to determine how and where the content should be accessed. In this case, textual content, usability elements, and full-page screenshots were consolidated into a document, and an offline backup of the entire website was created on a laptop.
From securing the existing content to redesigning it.
Once the seemingly lost contents were accessible again, a clear picture of the website’s redesign and development, along with the associated costs, could be established.