University hack and website down? The need for an emergency website in the event of a crisis

An emergency website is a safety net in the unexpected but possible event that your main website goes down. It is crucial for crisis management as it enables continuous communication even if the main site goes offline. This service is a smart investment to remain operational in the event of a cyber attack or technical failure. There is a fine line between accepting risks and taking steps to minimize those risks. The following case of a recently hacked university network in Germany illustrates the importance and value of a robust emergency response strategy.

Case Study: Crisis management with the help of an emergency website

In a recent real-world incident, one of our clients, a leading educational institution, was the target of a cyberattack that resulted in a three-month shutdown of its entire infrastructure, including its main website. During this critical time, the emergency website service proved its worth. Shortly after the attack, the data center redirected the main domain to a TYPO3 instance set up specifically for emergencies, which served as the central communication channel for the entire duration of the outage. This step was crucial to maintaining the flow of information and keeping the trust of the public and of internal audiences. The following sections describe how the challenges were overcome and what lessons can be learned from them.

Overcoming technical challenges: server issues and their solutions

The successful implementation of emergency planning in this cyberattack demonstrated the efficiency and reliability of the alternative system. First, the domain was seamlessly redirected to an external server located outside the customer data center. This measure ensured that redirection to the emergency site worked even if the original infrastructure failed completely.

When the site was initially set up, valid certificates were prepared in advance to ensure a secure and trustworthy connection. Despite the unexpectedly high volume of data (traffic increased by 1200% in a very short time and inquiries increased to around 60,000 per day), the emergency website remained stable and accessible. This was possible because the pages were served from a prepared content delivery network (CDN) that would have worked reliably even under a significantly higher load. Throughout the incident, our server team maintained and monitored the replacement servers to gain experience and identify threats. Possible DDoS attacks can be counteracted as quickly as possible by using cloud networks.

The university is currently still busy with renovation work that became necessary to secure the infrastructure. These improvements impact not only internal processes, but also external platforms, including proxies, firewalls, front-end access systems and single sign-on solutions (SSOs), to ensure an even more robust security architecture.

Overcoming communicative challenges

The emergency website served as a central platform for a variety of communication needs during the crisis. The original focus was on crisis communication by only providing updates on the unavailable tools as well as information on contact channels and contact persons. Over time, however, the requirements grew: appointments and additional information for the target group were required.

The challenge was to find a middle ground between the different wishes and at the same time to establish a central editorial team that ensures consistent communication of the most important points. Another important aspect was the conscious limitation of the emergency website to simple editorial options in order to keep both content and technical maintenance manageable.

After the original systems were reactivated, a final update was published on the emergency website, informing that the regular systems were again accessible and providing contacts for any outstanding questions or ongoing problems.

In this context, we recommend performing the transition to an emergency website as a test run on a weekend or evening. This helps prepare and test the processes in the event of a real hack. It is also advisable to define and prepare content in advance, which then only needs to be made live when it is actually used.

SEO challenges during and after the outage

Managing SEO during a website shutdown presents a novel challenge. To properly inform search engines, our emergency pages were delivered with an HTTP status code of 503 (Service Unavailable) and a "Retry-After" header of 604,000 seconds (approximately 7 days). This signals temporary unavailability without long-term effects on search engine rankings. Unlike a 404 status code or a redirect (e.g. 307), it tells the search engine that the content currently being served is only temporary.
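A test run of the switchover can include a check that every emergency page really answers with 503 and a usable Retry-After header. The following is an added example, not code from the original article or the service it describes; the paths, the hostname and the sample responses are constructed, and the header is parsed in both forms HTTP allows (seconds or a date).

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def retry_after_seconds(value, now):
    """Delay announced by Retry-After in seconds, or None if malformed.

    RFC 9110 allows delta-seconds ("604000") or an HTTP-date.
    """
    value = value.strip()
    if value.isascii() and value.isdigit():
        return int(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:  # "-0000" dates parse as naive; treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    return max(0, int((when - now).total_seconds()))


def check_emergency_response(status, headers, now):
    """Return findings for one response; an empty list means it is as intended."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    if status != 503:
        findings.append(f"status {status}, expected 503")
    raw = hdrs.get("retry-after")
    if raw is None:
        findings.append("Retry-After missing")
    elif retry_after_seconds(raw, now) is None:
        findings.append(f"Retry-After not parseable: {raw!r}")
    return findings


# Constructed sample responses (path -> status, headers); not captured traffic.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLES = {
    "/": (503, {"Retry-After": "604000"}),
    "/news": (503, {"retry-after": "Mon, 08 Jan 2024 00:00:00 GMT"}),
    "/old-page": (404, {}),
    "/login": (307, {"Location": "https://emergency.example/"}),
    "/contact": (503, {"Retry-After": "one week"}),
}


def audit(samples, now):
    return {p: check_emergency_response(s, h, now) for p, (s, h) in samples.items()}


if __name__ == "__main__":
    for path, findings in audit(SAMPLES, NOW).items():
        print(path, "OK" if not findings else "; ".join(findings))
```
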

Our observations showed that website visibility decreased significantly during the outage. However, after being reactivated, the website was able to return to its original visibility status within four weeks. Interestingly, about a month after the outage, the first pages began to disappear from the Google index.

For effective SEO management, we recommend using Google Search Console for all public web projects. This allows for quick re-indexing of key URLs after the site is restored. It is also important to check broken links, which could either lead to pages that no longer exist or to the emergency page.

Once the regular website goes live again, the emergency page must be removed from the search engine index to avoid confusion and protect the main website's SEO profile.

Future Plans: Expanded services and support

Looking to the future, we are working to further improve and expand the range of services we offer. A key area is the provision of central replacement email addresses. This feature allows our customers to efficiently maintain various closed communication channels such as invoice receipt and shipping during an emergency.

In addition, we plan to intensify our support in the creation of crisis communication concepts. This includes developing emergency plans and defining responsibilities in advance. We would also like to offer standardized text modules as templates to help our customers react quickly and effectively to crisis situations.

These future developments aim to further strengthen our customers' resilience and responsiveness in times of crisis by providing comprehensive and user-friendly emergency communications and management solutions.