Imagine this: Early one morning, you get a panicked call from an employee telling you to check your company’s website. When you do, you find a strange image and unfamiliar text on your computer screen. You reload the page, expecting your home page to appear, but it doesn’t. Then you realize what’s wrong: You’ve been hacked.

This scenario may seem far-fetched, but statistics suggest it’s not. Sometimes, the attacks are invisible and the business owners don’t even realize they have been hacked. I’ve heard of cases where hackers infect sites with harmful code that records keystrokes on visitors’ computers, stealing their login credentials and payment information. Because hackers use automated scanning tools to pinpoint websites with vulnerabilities, small businesses are often at greater risk since they tend to lack the sophisticated safeguards of larger companies.

So, what should you do if your website is hit by hackers? Here are three steps to follow:

1. Contact your Web hosting provider.

Your provider may be able to assess the problem and work with you to recover your site. You may need to find and remove any harmful code the hacker inserted into your website files. Check online discussion forums to see if others have experienced the same problem and learn how they resolved it.

2. Shut down the site temporarily.

Depending on your level of technical skill, you want to take your site offline through the hosting control panel. If you don’t feel comfortable doing this yourself, your Web hosting provider can take down the site. This can help stop hackers from causing further damage and protect anyone wanting to visit the site. Change all the passwords associated with your website, including those for your hosting account control panel, FTP accounts, and others. (Your Web hosting provider may be able to help with this step.) This can make it more difficult for hackers to re-enter your system.

3. Keep your customers updated.

Let your customers know what happened early on. Explain in simple terms what you’ve done to fix the problem and any steps that customers should take, such as changing their login credentials to your site. I’ve seen companies do this through social media. Customers seem to appreciate the transparency. If credit card numbers or other financial information were compromised, contact your payment processing company immediately and know your legal obligations for reporting a breach.

Stop future hack attacks

Once your website is back online, here’s what you can do to help prevent hackers from striking again:

Review your website coding.

In some cases, there may be flaws in the code used to build your site that make it vulnerable to threats. Ask a developer to review your coding to see if there are ways to make it more secure and to be sure any harmful code planted by the hacker has been removed.

Check computers.

Scan your computers to see if they were affected by malware. Many anti-malware tools are available online, although, be sure to use one from a reputable source. You could also use a remote tech support service to identify and fix any problems.

Strengthen your firewall.

Work with your IT staff or a consultant to evaluate your firewall security. A good firewall can help stop attacks and lessen other online threats. A network-based firewall can provide strong protection, while saving you the trouble of configuring and maintaining firewalls in-house.

Has your website ever been hacked? I would love to hear how you fixed the problem and the steps you took to protect it. Share your experience below.