Twitter wheel together

How the right digital partner can help when your brand’s website is hacked

Symetris project leader Hubert Carignan shares his team's experience responding to a new client's website crisis and protecting them from future attacks.

It’s what all companies dread: a hack that compromises their website. More than ever, websites are vital components of a successful business, and companies suffer real losses—both to revenue and reputation—when their site is offline.

If this happens to your brand, engaging the right digital partner can ensure continuity, accelerate your website’s recovery, and address vulnerabilities to protect you from future attacks. 

To give you an idea of what an agency can do to help, and a sense of how quickly, project leader Hubert Carignan shares his team's experience responding to a new client's website crisis.

The Situation

Just after engaging a software development company as a new client, their existing website was hacked and needed to be taken offline. This was a critical situation, as the website was one of their main lead generation channels. Each day it was offline meant a significant loss in revenue.

The security breach happened on a website we didn’t build, and as this was a new partnership we were not yet acquainted with all the stakeholders. As a result, we had very little information going in as we took our initial crisis management steps.

Our first action was to create a sort of SWAT team to prepare a plan. We assembled a project leader, senior developers, analysts, and a production director and came up with three key objectives:

  1. Take back control of the situation and display a temporary landing page with a message from the client
  2. Analyze the hack and put the full website back online while adding necessary security to make sure it stays online once back up
  3. Explain how the website was compromised and provide recommendations for further securing the website to prevent this situation from reoccurring

Taking Back Control

We organized a kickoff meeting with all the essential stakeholders to share the plan, immediate timeline, communication channels, and the decision-making process going forward. 

Technical experts on both our side and the client teamed up to put a landing page online as a stopgap. And we established a primary point of contact between the client and us to share information efficiently with all key players.

This entire process was completed in a single business day.

Getting the Site Back Online

During the effort to get the main site back online, our project leader prepared a daily report outlining the work completed, our planned next steps, and any roadblocks. This report was used by everyone on the client-side, from the developer working actively with us to the VP overseeing the situation and managing internal/external communications.

As these efforts were not in the contract we had with them—which had dedicated tasks already estimated—we gave the client an overview of the time we planned to spend on the situation. Our crisis team, working closely with the client, aimed to strike the best balance between putting the site online quickly and adding the necessary security. Key players in the decision to go back online were identified, and our team documented all the recommendations we had to further increase website stability and security after resolution of the initial crisis.

We spent two weeks on this phase. Once the site went back online, it wasn’t hacked again and has maintained its regular uptime. These results represent this specific situation, of course. Each hack requires its own analysis and security.

An Opportunity for Growth

Not all stakeholders have a technical background, and it was important for the client to understand what happened and the best way forward. Within a week, our team prepared a debrief to present to all relevant stakeholders on the client-side to foster this understanding.

During this presentation, we:

  • Summarised the timeline of the attack, identifying the cause and our efforts to address the breach
  • Created and documented new process to follow in case the site had an issue again
  • Listed our security and stability recommendations for the short-, mid-, and long term to prevent similar security breaches from happening again.

As you can imagine, this baptism by fire as we worked with a new client to re-establish control of their website quickly built trust between our two teams. By providing our post-breach analysis of what went wrong and putting new, robust processes into place, we ensured that the client’s website was more secure than before, in both team, process and technology.

If your site has recently been compromised, or if you’d like guidance on measures you can take to mitigate the risk, contact us for a consultation using the form below.