While dealing with a nasty pharma injection virus on a client's website, I got to work with Jim Walker, entrepreneur and website security expert. His knowledge and insights proved to be invaluable so I asked him for an interview.
Jim was gracious enough to share his time and insights, which I now pass along to you.
WIB: How common is it for websites to be compromised without the site owner knowing it and should they be concerned about unknown compromises?
It's not terribly common for websites to be hacked without the owners knowledge, at least not for very long. Google will often catch a website with suspicious or malicious file content within a matter of days, then close the website within Google's index respectively.
The message you may have seen within Google.com, like "This site may be compromised" or "This site may harm your computer" are a result of Google's malware scanners doing their job in identifying suspicious or hacked websites.
There are of course hacks developed specifically to spy on client data, and because they are hidden Google will not see these types of hacks in their daily scans. This type of professional hack is extremely uncommon and generally occur on only the largest of websites.
That said, choosing a web hosting company whose home page discusses website security will often decrease the odds of being hacked as well as reduce the turnaround time in recovering from the "I've been hacked" situation.
I've experienced first hand client's attempting to get help from their hosting company only to be told, "security is your responsibility, sorry we can't help you." Sadly, where web site hacking is concerned, choosing to host a website with one of the "mega hosts" whose general claim to fame are their wacky TV ads often ends badly.
WIB: Most people dread calling any tech support number because they encounter automated systems where they get lost or disconnected, and many companies outsource technical support to other countries where callers are given answers read from script cards. What made you decided to put the "human touch" back into your customer relationships?
We have two service operations, one TVCNet.com, a security focused hosting company and the other Hackrepair.com, which focuses on fixing hacked websites. We believe customer service is the key to building long term relationships with our clients. The human touch you mention is as much a marketing benefit as simply something we like to do.
It's a lot harder to get new customers than retain the ones you have. So retention is our primary marketing device as odd as that may sound. SEO and word of mouth marketing are still aspects of our marketing and sales program, though I find a business is much more fun and interesting when you can make friends for life. I've lost count of the decade old clients we provide service too. It's always a delight for me to receive get a call from one of our clients who we've been working with since the '90s. It feels like a family reunion at times. This helps me personally maintain a focus on people, instead of outsourcing the supposedly hard parts of the business.
Customer service, if managed well, can be the easiest aspect of a business to operate. So I like to say, that taking care of people- it's what I do.
WIB: How can a website owner know when it is time to call in a professional?
This can be a tough call. The average non-business person may think money is more important than time, so may choose to devote days in attempting to resolve a perplexing technical problem on their own; or ask friends or family to help.
In business, we learn time and focus are often far more important than the cost of having an expert fix a troubling problem, that is, if the cost of fixing the problem is reasonable.
If a person is spending time attempting to fix a problem and not selling their service I think many would argue that person is out of business. We can normally fix a hacked website situation in a matter of hours. So I guess the real question becomes "how much is your time worth."
WIB: How forgiving is Google of hacks and malware once the site is clean up? And, do you have any tips for getting your website?s credibility established in search engines again?
Google can be quite forgiving. While the website is down or while Google lists the website as compromised the situation is pretty bleak (adwords are put on hold and links in Google are blocked.)
Website owners who have someone who can help them in stepping up their search engine optimization, pay per click and social media marketing soon after a hacking situation will barely notice a drop in ranking. Otherwise, if one does nothing following Google marking a website as compromised ranking usually recovers nicely within a couple months.
Word to the wise here, is to step up your online marketing a bit above the norm for a few weeks following the event and you'll be fine. Google is after all, all about content, so focusing on good content building will cover most bad press situations fairly quickly.
WIB: Is shared hosting worth the risk?
Shared hosting is only as good as how it's used. I wrote a rather aggressive article on this at Hackrepair.com, titled, "Why Shared Hosting Can Be Bad For The Health Of Your Web Design Business." My goal in writing the article was to help clarify for web designers the serious downsides in hosting multiple accounts within a single shared directory.
Hosting a single or even a few websites within a shared account is generally OK. I'll quote a bit from the article, "So, while convenient, 'dorm room style hosting' trades security for convenience." In short, if you run a business or multiple websites there are solutions to hosting security, which I describe in the article. Otherwise, shared hosting is a great way to host a "single" website- hosting multiple websites, well, not so much.
Jim Walker is a website security expert. His California based company has been in business for more than thirteen years and has offered website hosting since 1997. The most customer service friendly web host company, TVCNet has an impressive collection of customer references available, http://tvcnet.com/t. Jim Walker can be reached at (619) 479-9937 or via email at Jim@tvcnet.com.