Why You Must Take Domain Name Security Seriously
There are more than 370 million registered domain names on the Internet. Millions remain unused. And some haven't been updated in years, mostly because the companies that registered them forgot about them.
Companies would never forget where their offices are, yet they regularly lose track of their "online real estate". And that is a serious threat to the safety and viability of their operations.
Businesses often own thousands of domain names. This makes good business sense: Marketing can use unique landing pages for various advertising measures or campaigns. Corporate lawyers can even buy up similar – but incorrect – spellings of the flagship domain in order to ward off fake product lines, unwanted complaints or phishing attacks.
But it's surprisingly easy to lose track of all of these domain names – or leave them unsecured. For example, employees can register domains and forget to renew the registrations. Or they register domain names themselves and then leave the company.
Such practices pose enormous risks to a company's reputation and bottom line.
Domain Name Security Risks
If companies don't lock their domains, those domains can be subject to automated updates by outsiders, including hackers. Only 17% of the world's 2,000 largest public companies lock their domains with the highest level of protection offered – and 14% have no protection at all.
There are many other security problems with domain names: Only half of all domains use DMARC, a system that prevents email spoofing. Only 60% of domains have a Secure Sockets Layer (SSL) certificate, a digital certificate that prevents sensitive information from being stolen. Only 3.5% of the 2,000 largest companies use Domain Name System Security Extensions (DNSSEC), which prevent common hacking tactics such as "cache poisoning" or "man-in-the-middle" attacks.
A good overview of domain registrations can also help companies comply with data protection laws. Many countries and California require "cookie banners" to alert visitors that their information is being collected. A business can risk hefty fines if a bad domain that everyone has forgotten about "steals" user data without the required cookie notification.
Incorrectly registered domains can also come back to haunt you. Imagine that an employee registers a domain for his company in his own name, then gets fired or leaves on bad terms. He could use this domain to disparage his former employer and attract potential customers to his cause.
How to Keep Domain Names Safe
There are several simple ways to manage your domain portfolios to protect yourself from domain name security issues.
First and foremost, create a new domain name registration policy that will dictate who can register domain names, when to submit registration requests, how and where to submit requests, and which domain names to register. Involve IT, branding, marketing, legal, and other departments that interact with domains in drafting the policy.
A strong, clearly formulated domain name policy ensures that every employee understands how to correctly and securely register a new domain. Once completed, the policy should be widely distributed and easily accessible to all employees.
You can take other concrete steps, such as creating "brand levels" to better manage domain name requests and rank them based on criteria such as shelf life and geographic reach. A universal domain name request form can help staff handling these requests prioritize them.
An annual domain name review is also a good idea. Marketing can perform an audit to ensure that all domains are still in use. IT staff can investigate whether there are server failures.
It is also important that registered domains adhere to the correct security protocols. For example, all domains should be locked with at least the status code "clientTransferProhibited", which blocks the transfer of domains to new registrants unless a user provides an authorization code. Lock statuses prevent fraud and automated updates.
Also, make sure that your domain registrations are automatically renewed to avoid downtime. Relying on credit cards to renew registration is especially risky as the credit card on file could expire.
You should also regularly check your domain names for common mistakes. For example, make sure that domain names go to the same location regardless of whether there is a "www" in front of the name.
HTTP statuses are also worth checking. These are the server's responses to a request for a specific page. The statuses to look for are 200 "OK", which indicates a successful interaction between the browser and server, and 301 "Moved Permanently", which tells users the new location of a page.
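The checks described in the preceding paragraphs (transfer lock, renewal date, "www" consistency, HTTP status) can be run as one audit over a domain portfolio. The following is an added example, not code from the original article: it assumes registration data in the RDAP JSON shape, where the EPP status clientTransferProhibited is written "client transfer prohibited", and the function name, the `http` probe structure, the 60-day renewal window and the sample records are constructed for illustration.

```python
from datetime import datetime, timezone, timedelta

# RDAP spelling (RFC 8056) of the EPP status the article names.
TRANSFER_LOCK = "client transfer prohibited"   # EPP: clientTransferProhibited
OK_HTTP = {200, 301}                           # statuses the article says to look for

def audit_domain(rdap, http, today, renew_window_days=60):
    """Return a list of findings for one domain (empty list means clean).

    rdap: dict shaped like an RDAP domain response (RFC 9083).
    http: {"apex": (status, final_url), "www": (status, final_url)}, as recorded
          by whatever probe you use; a hypothetical structure for this example.
    """
    findings = []
    statuses = {s.lower() for s in rdap.get("status", [])}
    if TRANSFER_LOCK not in statuses:
        findings.append("no-transfer-lock")

    # A registration close to expiry suggests auto-renewal is off or failing.
    expiry = next((e["eventDate"] for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("expiry-unknown")
    else:
        expires = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if expires - today < timedelta(days=renew_window_days):
            findings.append("expires-soon")

    for host, (code, _) in http.items():
        if code not in OK_HTTP:
            findings.append(f"http-{code}-{host}")
    # With and without "www" should end up at the same location.
    if http["apex"][1] != http["www"][1]:
        findings.append("www-apex-mismatch")
    return findings

# Constructed sample data (example.com / example.org are reserved names).
TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)
GOOD = {"ldhName": "example.com",
        "status": ["client transfer prohibited", "client update prohibited"],
        "events": [{"eventAction": "expiration", "eventDate": "2026-03-01T00:00:00Z"}]}
BAD = {"ldhName": "example.org", "status": ["active"],
       "events": [{"eventAction": "expiration", "eventDate": "2024-06-20T00:00:00Z"}]}
GOOD_HTTP = {"apex": (301, "https://www.example.com/"), "www": (200, "https://www.example.com/")}
BAD_HTTP = {"apex": (200, "https://example.org/"), "www": (404, "https://www.example.org/")}

if __name__ == "__main__":
    for rec, http in ((GOOD, GOOD_HTTP), (BAD, BAD_HTTP)):
        print(rec["ldhName"], audit_domain(rec, http, TODAY) or "ok")
```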
Domain management software can make it easier to implement the best practices in this article and, in some cases, cut the time employees spend on domain compliance in half. Standard domain management software enables users to compile dozens of domain name tables in one central location, as well as review the security flow status and key performance indicators for each domain name registered with a company.
If you ignore your domain portfolios and domain name security, you do so at your own risk. Solid policies and competent domain managers can save you a lot of time, money, and stress.