How to Take Domain Name Security Seriously

There are over 370 million domain names registered on the Internet. Millions are unused. And some haven’t been updated in years, largely because the companies that registered them forgot about them.

Companies will never forget where their offices are, but they regularly lose track of their “online real estate”. And it is a serious threat to the security and viability of their operations.

Companies often own thousands of domain names. This makes business sense: marketing can use unique landing pages for different promotional efforts or campaigns. Company lawyers can even purchase similar, but incorrect, spellings of the flagship domain to prevent fake product lines, unwanted complaints, or phishing attacks.

But it’s surprisingly easy to lose track of all those domain names or leave them unsecured. Employees can register domains and forget to renew registrations, for example. Or they can register domain names themselves and then leave the company.

Such practices present enormous risks to the reputation and bottom line of companies.

Domain Name Security Risks

When companies don’t lock down their domains, those domains can be subject to automatic updates from unknown parties, including hackers. Only 17% of the world’s top 2,000 public companies lock their domains with the highest level of protection offered, and 14% have no protection at all.

Other domain name security issues abound: Only half of all domains use DMARC, a system that prevents email spoofing. Only 60% of domains have SSL (Secure Sockets Layer), a digital certificate that prevents the theft of sensitive information. Only 3.5% of the top 2,000 companies use domain name system security extensions, which prevent common hacking tactics, such as “cache poisoning” or “man-in-the-middle” attacks. “.

Keeping track of domain registrations can also help businesses comply with privacy laws. Many countries and California require “cookie banners” that notify visitors that their data will be collected. A company can risk huge fines if a roaming domain that no one else knows about is caught ‘stealing’ user data without the required cookie notification.

Improperly registered domains can come back to haunt you. Imagine an employee registering a domain for his company in his own name and then being fired or leaving on bad terms. He could use this domain to denigrate his former employer and win over potential clients to his cause.

How to Maintain Domain Name Security

There are several easy ways to manage your domain portfolios to guard against domain name security headaches.

First, create a policy for new domain name registrations that dictates who can register domain names, when registration requests can be submitted, how and where to submit requests, and what domain names must be recorded. Involve IT, brand, marketing, legal, and other departments that interact with the domains in policy development.

A strong and clearly written domain name policy ensures that every employee understands how to register a new domain correctly and securely. Once finalized, the policy should be widely distributed and easily accessible to all employees.

You can take other concrete steps, such as creating “brand tiers” to better manage domain name requests, and categorizing requests based on criteria such as shelf life and geographic scope. A universal domain name request form can help employees who process these requests prioritize them.

An annual domain name review is also a good idea. The marketing department can perform an audit to ensure that all domains are still in use. IT staff can check for server outages.

It is also crucial that registered domains adhere to appropriate security protocols. For example, all domains must be locked with at least a “clientTransferProhibited” status code which will block transfer of domains to new registrants unless a user provides an authorization code. Locked statuses prevent fraud and automated updates.

Also, make sure your domain registrations automatically renew to avoid lapses. Relying on credit cards to renew registration is particularly risky because the credit card on file could expire.

You should also regularly review your domain names for common errors. For example, make sure domain names point to the same location whether or not there’s a “www” before the name.

HTTP statuses are also worth checking. These are notes from the server regarding a request to view a certain page. The statuses to look for are 200 “OK”, which indicates a successful interaction between the browser and the server, and 301 “Moved Permanently”, which lets users know the new location of a page.

Domain management software can make it easier to implement the best practices outlined in this article and, in some cases, can cut the time employees spend on domain compliance in half. Standard domain management software allows users to collect dozens of domain name spreadsheets in a central location, as well as check security expiration status and KPIs for each domain name. domain registered with a company.

If you ignore your domain portfolios and domain name security, you do so at your peril. Sound policies and competent domain managers can save you a lot of time, money and stress.

More domain name security resources

The Domain Name System (DNS): Complicated Technology Explained in Simple Terms [Infographic]

Your website URL: an expensive.com domain name…or those creative alternatives?

Three reasons why long-term domain registrations make sense