The website your digital agency built for a small business client just got hacked. Now what? | Christian Redshaw | Cyber.SC's

 

Once upon a time, there were two digital agencies. Both agencies had eye-catching websites, showcased high-profile clients and offered design, media and marketing services. The owners of the two agencies knew each other. In fact, they were roommates in college. The name of the first agency was Grasshopper Marketing. The second agency was called ANT Media. ANT Media was growing their business, generating revenue and making sure they had all the necessary pieces of cyber security in place. While ANT Media worked hard all year, even during the summer, which many agencies consider to be the slower months, Grasshopper Marketing was also busy growing. They were, however, focusing exclusively on generating revenue.

Here's why that's a problem ...

One day, while enjoying lunch at a local restaurant, the owner of ANT Media spotted his old friend and owner of Grasshopper Marketing. They talked and enjoyed catching up, laughing together and exchanging old stories from their college days. The conversation then shifted to business, and the two agency owners compared notes. Among other things, ANT Media’s owner told his friend about the emphasis they had been placing on cyber security. He explains some of the things that ANT Media had put in place: “We incorporated ‘Cyber Security By Design’ as a competitive value differentiator for our clients. We took measures to prevent their data from being altered (Data Integrity), accessed (Data Confidentiality), sabotaged or taken offline (Data Availability). We’ve been able to showcase these core strategic priorities to our current and future clients in our business development and marketing materials - embedding ‘Digital Trust’ into our interactions with clients and prospects.”

He continued, “We’ve been practising good cyber hygiene by setting (and testing) automatic, off-site backups so that if any of our clients’ websites go down, we can easily revert to a backup version without scrambling. We use strong passwords, password managers and Multi-Factor Authentication wherever possible, knowing that many agencies will use the same weak password for multiple clients.”

He told his friend that ANT Marketing was aware that not maintaining and keeping the website platforms they use (WordPress, Joomla, Drupal etc.) up-to-date, creates vulnerabilities for bad guys to take down their websites. “That’s why we made sure we were following best practices and that those platforms are updated on a continuous basis (at least monthly). We also know that if a developer’s laptop or workstation is susceptible to malware, that malware could jump to our network as well as to the websites being developed for our clients. To deal with this risk, we leveraged an anti-malware solution which is centrally managed, to make sure those computers are receiving regular updates.”

The owner of Grasshopper media was smiling and nodding politely as he listened to his friend talk about a subject that wasn’t on his radar as of yet. “One other thing is that we leveraged a firewall for the website (web application firewall) to further protect our website from being hacked.” At the end of the meeting, they exchanged email addresses, and the owner of ANT Media offered to send his friend some links to the cyber security videos and articles he had seen that helped them get started. The CEO of Grasshopper Marketing thanked him and said, “Yes, please do,” but he thought to himself, “Why bother with cyber security? We’ve never had issues before.” Grasshopper Marketing decided to continue on with business as usual.

A few months later, one of Grasshopper Marketing’s client’s websites unexpectedly suffered a cyber attack. This resulted in the website being brought offline and inaccessible. The very valued, but disoriented client, promptly gave Grasshopper Marketing a phone call and said, in a panic, that their website is not working. The owner of the client said, “Our site is down, which means our e-commerce is down and we can’t take orders which means we can’t make money!” “What’s going on?” Grasshopper Marketing was now scrambling to get the site back up but can’t seem to make it work. Since the website was hit with a special brand of malware, it is serving up malware to visitors of the URL, thereby infecting the visitors’ computers, laptops and mobile devices. Grasshopper Marketing’s client was now faced with a choice: They can bring in some technology resources to try and recover the website, or they can choose to have the site rebuilt from scratch. They might hold Grasshopper Marketing to the fire and have them rebuild the site and insist that Grasshopper compensate them financially for the ongoing lost revenue in the meantime. Alternatively, they might leave and choose another agency to work with who has a demonstrated track record of secure web development.

In the end, the client decided to cut ties with Grasshopper Marketing. They ask a trusted business advisor if they could recommend a reputable digital agency. The agency the advisor pointed them to was… ANT Media.

 

Coming Soon: The Cyber Security CourseTM

Small and mid-size organizations are squarely in the crosshairs of cyber criminals. Conversely, SMBs are categorically the least prepared to prevent, detect and respond to a cyber attack when compared to larger enterprises. If you think your IT provider has got it covered or that you don’t need to worry because you use the cloud, you are in dangerous territory. The Cyber Security CourseTM is a non-technical, quick-start program for every organization that wants to protect their information assets but doesn’t know where to begin. You will be guided step-by-step by Dominic Vogel, your Cyber Security Advisor, who will help you put 9 layers of real-world cyber security protections in place for your organization. Establishing these layers of protection will help you prevent, detect and rapidly respond to cyber attacks against your organization. This amounts to measurable, rapid risk reduction for you with minimal investment of your time and resources.

We’ll be making more information about how your team can register for this course available soon!

 

About Christian Redshaw

Christian regularly contributes knowledge and resources to our guides and our blog. He has a background in risk management and insurance and is passionate about helping companies grow and succeed. In addition to Cyber.SC’s own guides and blogs, Christian co-hosts the “Cyber Security Matters Podcast” with Cyber.SC Founder and Chief Strategist, Dominic Vogel (another powerful ally who has guided us over the years), doing a deeper dive on a broad range of privacy and security issues with a variety of expert guests. (Cyber Security Matters is a partnered program of Conversations That Matter.)

Christian loves to innovate in business, combine things in unique ways and do things that have never been done before. “My favourite part about business and entrepreneurship is partnering with other business leaders to offer more value to their clients and ours.”

No organization is immune to cyber attacks, but the team at Cyber.SC works to make your data security as close to impenetrable as possible. Your employees, suppliers and business partners rely on your organization to keep your networks secure and their private information safe. The team at Cyber.SC understands that this is a non-transferable liability for you. They make it their business to help you build protection around all the critical points in your organization so that your operations can continue to run smoothly and securely.

 


 

Looking for more small business help?

 

The Ultimate Small Business Survival Guide
The Ultimate Small Business Survival Guide is Here

We've been helping InspireHUB clients not just survive during this time but THRIVE! We collected all of our advice and made it available for FREE as our great big give-back during this difficult time. Included in this FREE Guide:

  • Transformation Readiness Assessment
  • Practical Marketing Help
  • Proven Strategies to Pivot Your Company

Check it out now!


 

Loving Remote: a Path to Leading an Inspirational Culture that Employees Love!
Lead an Inspirational Remote Work Culture that Employees Love!

At InspireHUB, we get it. We've been a 100% remote workplace for more than 7 years, and are the first to admit we were UN-InspireHUB while we learned to grow into it.

We put this book together because we saw so many people struggling as they've had to adapt to this new way of working overnight.

Here's how you can use it to grow YOUR small business too ...


Included in this FREE Guide:

  • Why your remote team is experiencing fatigue.
  • Understanding how leaders and employees have vastly different remote experiences.
  • The lines you cannot cross with employee privacy when working remote.
  • How to gamify your remote workforce.
  • The rules of virtual engagement when it comes to working remotely.
  • How the rules of meeting etiquette change in virtual meetings and why you must understand the difference!

Start reading LOVING REMOTE now.


 

Related Posts

Introducing guest blogger Cyber.SC’s Christian Redshaw

Cyber security is an essential investment that helps to protect your brand. Unfortunately, many of the world’s most popular digital platforms for small business also tend to be the least secure. Small businesses, in particular, are vulnerable. Prior to the pandemic, research showed that 60% of small businesses close within six months of a cyber attack. With “work from home” becoming a more permanent reality for many businesses globally, there is an increased risk of bad-faith actors taking advantage of the fact that more people are online now than ever before.

The companies that survive—and ultimately thrive—understand they need to protect what they build online. They also commit to creating a strong business culture that teaches every employee the basic principles of privacy and security.

At InspireHUB, we partnered with Cyber.SC as part of our commitment. We also provide every one of our clients with security awareness training (at no charge), so they can keep every area of their business strong. Cyber.SC Principal, Christian Redshaw, is one of our most valued allies!

Click through to find out why...

3 questions to save you from hiring the wrong digital and development partner.

Your business is at a point where it needs to bring on a new digital and development partner.  Whether it’s because the current digital project has completely been derailed or you’re just starting out, most companies are not asking the right questions around one of the most important decisions that can have significant business impacts.

If you’re reading this article because you’re currently frustrated by non-delivery with your current developers, you will likely find this incredibly insightful.

These questions will help you hire the right digital and development team that delivers...

 

 

Topics: small business, security, privacy, data security, compliance management, risk management, best practices, differentiation strategy, cybercrime, digital agencies, cybersecurity, digital professionals, Cyber Security Bootcamp, cyberattacks, digital transformation, digital agency, Cyber.sc, digital trust, Christian Redshaw, cyber security, cyber crime, secure networks, cyber attacks, Cyber Security By Design, data integrity, data availability, business development, cyber hygiene, competitive value, data confidentiality, strategic priorities, Multi-Factor Authentication, malware, firewall, secure web development

Subscribe to Our Blog

BEA Innovation Award 2018
Formstack Certified Partner