Cyber attacks – not the exception, but the rule.
Hacker attacks destroy websites, steal customer data, encrypt entire IT systems of companies and thus cause considerable economic damage.
In Austria, the number of ransomware attacks has increased sharply. According to a study by Deloitte and SORA, almost half of the companies surveyed have already experienced a ransomware attack. Despite the threatening situation, very few companies have a crisis or emergency plan.
The damage is often not only of a purely technical nature.
In the case of our client, the website, which had been maintained for years, was suddenly no longer usable. Furthermore, backups, although available, were just as “infected” as the website itself. As a result, the attackers could no longer get out of the system.
The contents of the website, its images, texts and layouts were thus lost. This is a big blow because this “old” content is vital for the new creation. After all, it can be built on the work already done.
While the technical damage may be quickly apparent and quantified, the communicative impairment is challenging to assess and replace. If all texts, images, and UX/UI designs have to be re-created – this leads to a Herculean task in terms of communication.
How can a website be secured in terms of its content?
A good IT security concept and measures to detect attacks are crucial. However, it is just as essential to sensitize employees through training and to introduce them to the correct operation of technical systems.
On a communicative and creative level, it is essential to archive content in a structured way and keep it accessible. A systematic approach to communication defines and documents when, where and how which customer group was addressed. This avoids repeating work and allows us to fall back on a content and design system in case of damage.
101: Secure website.
- run current security updates
- change the system when updates expire
- back-ups: systematic and long-term
- use a firewall and security scanners.
How could we save the content of the website?
Step 1: Use a secured system.
2022 ended with an exciting assignment for us. Instead of designing and rebuilding, we were tasked with securing and rescuing a website. Because the website was paralysed by attacks from Hong Kong, and its content was lost.
Step 2: Use a secure network.
Mobile Internet has a much higher level of security than DSL routers or WLAN routers. This is because DSL routers are easy to decrypt and hack, and WLAN routers are accessible to attacks from outside. “Mobile data” is encrypted. 5G, 4G, and LTE networks connect to the Internet via a mobile carrier. Identity is authenticated and protected.
Step 3: VPN, virtual private network and “dedicated” IP.
Another “layer” of security is provided by the use of a VPN. A VPN service disguises its IP address behind another, in our case, behind a constant IP address in Düsseldorf. This was important because our customer’s website was no longer accessible online to prevent further access. Only one door remained open for us, namely the one through our VPN IP address.
Step 4: Strategy for securing content and designs.
To successfully back up the content, it helps to take the perspective of those who will work with the backup later. It is essential to determine how and where the content will be accessed. In our case, this resulted in a backup in the form of textual content, usability, and full-page screenshots combined into one document and an offline backup of the entire site on a laptop.
From preservation to redesign.
Now that the content that was thought lost is accessible again, a clear picture emerges for redesign and development and the associated costs.