Every business should be doing everything it reasonably can to prevent its website from being hacked. But you also need to have at least a basic plan in place for what you are going to do if the worst does happen. Here are some tips to start with.
Turn off the site
Even if the site is still, technically, functional, you’re going to want to take it offline until you are sure everything is safe. Hackers may have added malicious code to your website, which could infect your users.
Taking your website down safely and effectively is an exercise in itself, so you may want to practice doing it beforehand so you know what, exactly, you need to do (obviously at times of low traffic).
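A concrete way to rehearse the takedown described above, as an added example that is not part of the original article: the functions below first snapshot the web root and logs (so the evidence of what the hacker changed is preserved before anything is cleaned), then drop a maintenance flag that the web server is assumed to check. The flag-file mechanism, the paths and the web-server rule in the comments are assumptions for illustration, not something the article prescribes.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the web server is
# configured to answer every request with a 503 page while the flag file
# exists, e.g. an nginx rule such as
#   if (-f /var/www/maintenance.flag) { return 503; }
# All paths are passed in as arguments and are hypothetical.

# hash_file FILE: print a SHA-256 line, whichever tool the host provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# snapshot_site WEBROOT LOGDIR OUTDIR
# Archive the web root and the logs with a UTC timestamp before anything is
# changed, then record a checksum of the archive so later tampering with the
# evidence can be detected. Prints the archive path.
snapshot_site() {
    webroot="$1"; logdir="$2"; outdir="$3"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$outdir/incident-$stamp.tar.gz"
    mkdir -p "$outdir"
    # Strip the leading slash so tar does not warn about absolute paths.
    tar -czf "$archive" -C / "${webroot#/}" "${logdir#/}" || return 1
    hash_file "$archive" > "$archive.sha256"
    printf '%s\n' "$archive"
}

# enable_maintenance FLAGFILE: create the flag (with the time it was set).
enable_maintenance() {
    flag="$1"
    mkdir -p "$(dirname "$flag")"
    date -u +%Y-%m-%dT%H:%M:%SZ > "$flag"
    [ -s "$flag" ]
}

# disable_maintenance FLAGFILE: remove the flag once the site is clean.
disable_maintenance() {
    rm -f "$1"
    [ ! -e "$1" ]
}

# site_status FLAGFILE: print "offline" while the flag exists, else "online".
site_status() {
    if [ -e "$1" ]; then printf 'offline\n'; else printf 'online\n'; fi
}

# take_offline WEBROOT LOGDIR OUTDIR FLAGFILE
# Evidence first, then the flag: if the snapshot fails the site stays up and
# the operator is told, rather than losing the forensic record. Prints the
# archive path on success.
take_offline() {
    archive=$(snapshot_site "$1" "$2" "$3") || { echo "snapshot failed, site left online" >&2; return 1; }
    enable_maintenance "$4" || return 1
    printf '%s\n' "$archive"
}

# Usage (paths hypothetical):
#   take_offline /var/www/html /var/log/nginx /srv/evidence /var/www/maintenance.flag
```

Practising this during a quiet period, as the article suggests, also confirms that the web server really does honour the flag and that the account running the script can write the evidence directory.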
Tell your host company
If you’re struggling, you could ask your host for help. Not only can your host often help to fix the problem, they may need to alert other customers in case their websites have been hacked too, especially if you use shared hosting.
Double-check that Google still thinks you own your site
Head to Google Webmaster Tools. Once you are there, click “Search Console” and sign in. Click “Add a site” and type in your site’s URL. If you find the hacker’s details, you will need to redo the verification process, which may require you to bring your site back online temporarily.
Then go to your own search console, find your site and click “Manage site.” Then click “Add or remove users” and take a very close look at the results. If there are any you don’t recognize, take a screenshot and a note of the details (especially the email) and then get rid of them.
Clean both your site and your server(s) thoroughly
You need to remove any trace of the hacker’s presence and this can require a lot of hard, painstaking, clean-up work. This part is so important that it might be worth paying for third-party, expert help.
In fact, you may even want to set aside a budget to allow for this and/or take out insurance against becoming the victim of cybercrime (which is exactly what hacking is).
Check if you need to inform the ICO
If the attack on your website has led to the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” then you will need to tell the ICO and the people (potentially) concerned.
This is now mandatory and it is best to do it as quickly as possible. Procrastinating will not improve the situation and if you were one of the people impacted, you would want to be informed promptly.
Review and learn
There is no sense in beating yourself up about what happened. There is, however, usually a lot of sense in reviewing the situation and learning from it.