But there are actually mistakes you could totally avoid. Trust me. [Scroll for VIDEO]
As a small business, you learn how to make a dollar stretch and where to trim the fat. As small business owners, we typically wear many hats from accountants to human resources, creative directors to technicians. While I pride myself in my ability to fail fast and learn quickly, this year I learned that sometimes the smartest thing you can do is just pay someone else to take care of certain jobs.
To backtrack – I’ve been responsible for my own website for nearly ten years; I’ve managed several blogs and I’ve helped companies plan new websites from concept to execution. In some cases I’ve been responsible for complete project management, while in others teams divvied up responsibilities. I consider myself pretty web-savvy; I always use products and vendors based on recommendations via colleagues and experts plus I work hard to stay up-to-date on the industry through mastermind groups and education. While I’m happiest working with clients on website planning (e.g.: purpose, content, business outcomes) I always defer to website developers for their expertise. In the last few years websites have become more sophisticated and security has catapulted to top priority, whether you’re involved in e-commerce or simple blogging. Recently I had a spectacularly awful experience with website security.
Here’s what happened:
Like many nights before, I woke at 2:30 a.m. and couldn’t get back to sleep (I’m sure other small business owners can relate – too many sleepless nights to count!) After a few minutes of tossing around, I decided my effort would be better spent working.
I sat down at my desk, coffee in hand and opened my email. Like a gift from Santa, there it was – a lead from HubSpot. However, my excitement quickly turned to absolute horror when I realized that the lead came in from a page I had never created on my website. [The webpage was of the “adult” variety.]
I sat back for a minute, heart-racing and thought this must be some kind of mistake with HubSpot. That hope was swiftly dashed knowing that the page title structure was mine. But how?
I began a live chat with my hosting company who were in the process of having my site scanned. At a little after three in the morning, I began the process of recovering an allegedly hacked site.
How much is a clean site worth to you? (Ask yourself the time it will take to figure out the issue, fix it plus the cost of your time and potential revenue loss.)
Let’s just say that your hosting company recommends that you buy a product for $500 USD and everything would be fixed. $500 USD is a lot for a small business to choke down (especially close to the holidays) but I felt it was the smartest thing to do. I paid the fee and a few hours later, was told the site was back up and running as normal. When I asked about the hack and where it occurred, crickets. But that’s neither here nor there; I was relieved that it was over.
The following Monday I tried to post to Facebook and realized that the image preview was no longer there. I had heard about this before; when a site isn’t considered secure, most social channels will block images because they could be infected with malware. Fortunately I had access to Facebook debugger, so I could check to get a report of the data they see from when pulling my website. In this case, we confirmed that it was an SSL issue. I immediately started a chat with my host to request that they fix it (which, to their credit, they worked on immediately.) But while they were configuring the SSL, I noticed that my website was redirecting to a totally different website. Again, I panicked and told the host customer service representative but they kept reiterating that the site looked fine on their end. Fortunately, I’m also super savvy with screenshots and thought this may be a problem, so took one immediately. When I realized that the conversation wasn’t going anywhere with regard to the redirect, I called the security company (the one I bought the $500 USD service from.) They began troubleshooting and not only did they confirm the redirect but informed me that the host company had not configured the security features for my site like they said they had. This was an overwhelming situation that resulted in two days of lost business time, a dip in rankings and aged me several years.
What went wrong?
Lack of Understanding. I had no idea what I was buying or how it would work. I didn’t take ownership of understanding the steps that would happen because if I had, I would have known that it wasn’t configured properly (or at all.)
Breakdown in communication. There was so many people involved in this issue that communication came to a standstill. The CSRs on the phone told me to go to social media (I started a ticket there) and the Security company that they were partnered with had their hands tied. There was no flow for handling the issue – just a lot of finger-pointing “par for the course with …..” read one CSR of another CSRs notes. (hah.)
No one wanted to take accountability. There was no flow for handling the issue, just a lot of finger-pointing “par for the course with …..” read one CSR of another CSRs notes. Beyond the immediate security issue, even with the redirect the host didn’t want to take ownership. It was only later that I learned from other experts that this can happen easily on shared hosting and if they had just admitted the mistake, we could have just moved forward. Instead, it exacerbated my lack of trust in them and their operations.
What Was The Outcome:
Everything that happened with my site, including two lost business days, several hours on the phone troubleshooting an issue that I’m still not sure existed left me feeling vulnerable. The right thing for them to do was to issue a refund as soon as they realized they hadn’t performed the service I paid for. However, this realization did not come easy to them. It was only after 12 hours of being passed around online and offline, using my mom voice and the threat of escalating it to my CC company and finally the straw that broke the camels back seemed to be a tweet to the FTC. There were moments of total frustration, but there were also moments of laughter with customer service reps who also couldn’t believe how crazy the situation was. And truthfully, I felt sorry for those who knew the right thing to do but weren’t empowered to do it. On a humorous note, the hosting company prides itself on not leaving customers on hold (I saw a YouTube video recently where an employee covertly recorded a meeting where they talked about sometimes leaving customers on hold for a long time.) I was totally one of those customers. At one point, I think I waited 30 minutes. I’m such a sucker.
How could this mistake have been avoided:
Do not Panic. It is easy to lose the ability to think rationally. But when you aren’t thinking rationally you make snap judgements (usually based on fear.) If I had taken a minute to think about next steps, rather than reacting immediately I could have been more strategic. I would have learned that there are other options, such as third parties not connected to the hosting company.
Work With Trusted Website Experts. Don’t underestimate the importance of working with people who know what they’re doing, no matter the industry. This is where you truly get what you pay for. Theres’s a reason that high-quality websites cost as much as they do, the developers have the expertise! Setting up basic sites is fine, but when you get into sites that require more technical help, ecommerce, exchange of personal information you need a developer who understands security beyond the basics.
Customer Service Is Everything. Having a customer service plan in place for these situations is critical. It does not matter how awesome your social media team is, if your solution is to try to wait out an angry customer things may get worse for you, rather than better. In this case, they encouraged me to work through social media. The social media team completely ignored me. I felt really bad for them; it would be awful to work in an environment where you’re not empowered to do the right thing.
Use your networks. When I was feeling totally helpless and vulnerable, I reached out to a web mastermind group and asked for their guidance. They recommended things like backing up the site immediately and quietly finding another host company before pulling the plug. Many of them offered to walk me through the process, which was a great comfort at a stressful time. So if you’re not part of any networking groups I highly recommend joining one; chances are when you encounter an issue related to your business (online or offline) someone in the group will have had experience you can learn from.
Keep good records. As a small business owner you will encounter situations that may be complex, my best advice is to keep records of conversations and directions. Several months prior to this issue, I asked my host company about security on my site. Long story short, the stories were incongruent between the CSRs from my host company and the security company; and within the levels of management. I was thankful to have had notes to refer to as CSRs changed.
Always have a Plan B. Having a Plan B for when your site goes down can cut-down on headaches and stress. Since I had never experienced this before, I didn’t have a plan for what I would do with the content I had scheduled for social channels that linked back to my site. Nor a plan to redirect people who used search to find me (instead, they landed on an awful splash page.) This is especially important for anyone working in ecommerce. What is your plan if your site goes down?
This situation was frustrating on a level I had never experienced before. It was also very eye-opening and offered a tremendous lesson. My focus is always on operating in the best interests of my clients so I take for granted that not everyone does the same. I was easy pickins because I was panicked, I didn’t have a plan nor the knowledge to navigate this situation. The best outcome is that this situation reaffirmed why I do what I do. I know that people choose to work with me because they know I will guide them the best way I know how and my concern is for helping, not making a quick buck. I hope you can learn from my aging mistake!
Best wishes for 2018!
Get Started With Social Media Management
What is a social media competitive analysis and why does my small business need one?
How should businesses create a plan for social media and how will they track their success?
Social media training: where to start