Imagine waking up one day to find someone has stolen your business’ primary domain name. Such a security breach would put your business at a standstill indefinitely and you may never be able to recover from this brand loss that comes with a stolen domain name.
They say “an ounce of prevention is worth a pound of cure” and this could not be more true when it comes to domain security. Here are 6 ways in which you can ensure that your business website is protected.
1. Domain Registration
Make sure to register your domain in your own name. This will list you as the registrant (the legal owner of the domain name), and your trusted employees listed as the administrative contact (the rightful person to make amends to the domain records) and the technical contact (the rightful person in charge of addressing any technical issues with the domain name). It should be noted that according to ICANN’s Inter-Registrar Transfer Policy, an administrative contact for a domain name has the authority to approve domain transfers. In case you are assigning the registration responsibility to a third-party vendor or agency, make sure your credentials are used for the process and you are registered as the owner and not the vendor or agency.
2. Password and Authentication
Use a strong password to protect your account from cyber criminals. Furthermore, use two-factor authentication (2FA) to add another layer of security to your account. There are various methods available to implement 2FA such as SMS tokens, email tokens, and phone calls. You are encouraged to inquire about the 2FA options made available to you by your reseller or registrar. Activating 2FA will prevent security breach since a cyber criminal would require both your password and your 2FA token to access your account.
3. Domain Management
If you have assigned the responsibility of registering your domain name to an agency or a trusted third party, it is wise to retain access of the domain management panel for yourself. This includes all domain related services such as DNS (Domain Name Server) management, activation/deactivation of privacy services, and domain contact management services. For instance, if your website and work email are using the same domain name, any change to your DNS will crash your work email along with your website.
4. Website Management
Access to upload or modify website elements should be given only to people you trust. Be careful who you give management access to; access can be broken into via the control panel or even to a single FTP user with appropriate read/write permissions. Providing limited access based on user type will help you maintain control over your website management and reduce account hijack risks.
5. Email Management
Most hosting services provide integrated email hosting where accounts can be created and managed. It is wise to remember that people managing email accounts can generate and rewrite email account passwords. Isolating email management with a trusted source is advisable. This will help you avoid potential email hijacking that may compromise your account and make your confidential business information available to an outside party. It is therefore recommended to segregate your domain management panel/domain contact information email address and not associate it with an email account that is being managed by a third person. Simply put, a compromised email account may lead to loss of control over your domain name management panel, which may potentially lead to domain hijacking.
6. Email Phishing
Fraudulent email messages usually have a link that asks you to insert your email or create an account. Cyber criminals often use this method to hijack accounts, so it is advisable to verify the authenticity of the website in question. Look for grammatical errors, tone of language, spelling mistakes; hover over any link in the email to see if it looks weird or atypical. It is advisable that you use a separate email for your WHOIS listing to avoid cyber scams, spam, and phishing attempts that may result in an account hack and subsequently a domain hijacking.
Did we miss any domain security tips? Please share in the comments below.
[divider]
Aman Masjide leads Compliance and Abuse Mitigation at Radix, the world’s 4th largest domain portfolio registry that offers new domain extensions such as .online, .store, .fun, .website, .tech, .host, site, .space & .press.
Very helpful article
Useful post, thanks
2FA authentication can be performed using a variety of methods including authentication apps, hardware tokens and Fido keys (as well as various biometric solutions). The main thing I would like to add to your list is staff training to help close the human factor weak points in security.