With all the noise about security breaches and phishing, it’s hard to consider that evildoers might yet find another way to use the Web against you. But if you own a domain and haven’t taken steps to protect your registration, they may very well be doing just that. But don’t despair — protecting your domain registration requires just a few simple safeguards.
When you signed up for your domain name, you paid for either a single- or multi-year term. Regardless of the term, it’s easy to forget when renewal time draws near. Most domain registrars offer an automatic renewal, and if your Web domain is important to your business, you should sign up for the option. That takes all the guesswork out of ensuring you continue to own your precious domain.
Lock down domain transfer and DNS records
Your business would suffer if you woke up one morning and found that someone else has taken over your domain. If thieves gain access to your domain account, they can transfer the registration, making it difficult or impossible for you to regain control. Don’t let this happen to you.
Your domain registrar probably offers the ability for you to lock down transfers of your domain. They may charge an additional fee, but it is well worth the protection if it prevents someone from hijacking the domain you rely on.
Possible protections may include simple lock-downs controlled by a PIN, or they may be more advanced, such as implementing two-factor authentication before allowing any changes.
While you’re at it, lock down your DNS servers. DNS is the function that translates your domain name into a specific IP address, and hijacking DNS can wreak havoc with your domain. DNS issues can make it look to customers as though your domain doesn’t exist. Worse yet, the hacker may maliciously redirect your traffic to offensive or competing sites. They can also collect your site visitors’ personal info, opening your customers up to the potential for identity theft or fraud.
For both domain and DNS safety, opt for the strongest protection offered, even if it costs a few more dollars a month.
Keep your domain contact info private
Although ICANN (the domain registration body) specifies that the domain owner must be a legal identity who can be contacted, it doesn’t say you have to use your personal name and address. If you do business under your own name or a DBA, you can use a non-specific name such as “Site Administrator” and set up a special email address for communication about site registration issues and still comply.
You can also add private domain registration services through most providers. They publish a neutral name, address and contact info to appear on Whois so you are complying with the law but not exposing your private info.
Keep your domain contact info up to date
Just because you have authorized your domain registrar to act as your agent on Whois doesn’t mean you don’t have to worry about your contact info. Whether you choose to use your personal data or a contact alias, make sure you keep the information up to date and don’t forget to monitor whatever email account you use so you don’t inadvertently miss important happenings.
Other basic security measures
Basic cyber security controls should be in place for your domain to keep it secure. For example, never share accounts. Everyone who has access should have their own login credentials so you can quickly shut down an account if an employee leaves or their account is compromised. It also allows you to limit permissions to just the functions the specific individual needs,
If your registrar offers it, sign up for two-factor authentication. That way, potential domain thieves have to have your account info and your phone to steal your domain name or DNS info.
Practice good password hygiene by making your password unique and hard to guess. Change the password frequently, and use answers to security questions that aren’t easy to find in your social media accounts or with a little research.
Keeping your domain registration and DNS secure takes a little bit of effort, but it pales in comparison to the time and resources necessary to get it back if they’re compromised.
Read More ›
Our Deputy Chief Security Officer shares tips to protect your personal information and financial accounts in the wake of the Equifax breach.Read More ›
Recent phishing attempts target financial institutions and consumers that are engaged in mortgage lending.Read More ›