When business coach and author Mandie Holgate was hacked two years ago, it cost her £20,000-£30,000 and left her without a website for six months. Her two sites – one to promote her services and the other a business school and networking organisation – were attacked after a web-design firm she used hosted them on a cheap US-based platform with minimal security, without her knowledge.
She was alerted when her attempt to send an email resulted in an error message saying she was sending 500 messages an hour. The hackers had used her email address to spam people, and within 15 days both sites had been listed on Spamhaus.
“There were about 300 hidden websites on my site, so they were using my ability, in terms of SEO, to promote other companies,” she recalls. “They damaged the code so it looked like I was selling things no business owner would ever want to be selling.”
Her first concern was for her customers and business partners (including 10 people who had purchased a licence to trade through the business networking site).
“My saving grace was that I didn’t have any personal details on anything that wasn’t highly password protected,” she says. “It meant they couldn’t get any further than destroying my site.”
The reluctance of the web-design company to accept responsibility initially lefther unable to contact the hosting platform. But with the help of another designer and cyber security company Spritz Monkey, she started the recovery process.
“I learned a lot,” she says. “My concern is that small and large businesses are employing people to make ‘pretty’ sites which are ultimately not secure.”