Common Domain Name Security Risks

To protect against these and other domain name security risks, businesses should implement strong security measures and regularly monitor and manage their domain portfolio, this includes:

Ensure domain contact details are up to date. Make sure you review your domains contact details regularly to ensure they are up to date. As people come and go within organisations it’s important this information is regularly kept up to date. Here at brandsec, we strongly recommend using contact details associated to the organisation rather than an individual (E.g. Domain Manager instead of an individual’s name such as John Smith). It saves the hassle of updating domain names every time someone leaves an organisation and does not disclose personal information.

Be aware of your renewal dates. Set your domains to auto-renew. Often we learn of customers ignoring renewal notices, only to find that they have then missed a renewal of a critical domain, which then, in turn, brings down important business services such as website and email. The benefit of using a corporate domain management provider such as brandsec, ensure all your domains are set to auto-renew and you don’t have to worry about the hassle of renewing each of your domain names.

Registry Lock. Add an additional layer of protection for your domain’s names by implementing a registry lock. A registry lock provides the highest level of protection for a domain name whereby certain domain details will not change without the owner’s consent. If any changes need to be made to a domain name that has registry lock implemented, including modifying DNS records, changing ownership or registrar transfers, a stringent verification process takes place. Read more on Registry lock here

Add WHOIS domains privacy registration details. With a lot of mixed reviews on whether WHOIS privacy registrations are worth it, it’s a difficult decision that domain owners are faced with on whether to implement. However, WHOIS privacy can help to reduce and eliminate spam coming through to businesses (as emails will be hidden) and avoid fraudulent contact with your customers. Its also a good way to hide what you are doing as a business from your competitors and potential cyber squatters E.g. If you are looking to launch a new brand, you don’t want your biggest competitor knowing about it. Through WHOIS privacy registration, your company’s information will be hidden and information pertaining to your registrar will only be visible in the WHOIS.

Ensure your registrar has 2 factor authentication. There is nothing worse than getting a notification or email that one of your accounts is potential compromised. By having 2 Factor Authentication (2FA) in place at your current registrar, provides an additional layer of security when logging in and provides that piece of mind that your account is secure. 2FA is becoming increasingly popular within business IT Security requirements, therefore, ensuring your registrar has 2FA functionality is crucial.

Monitor who has access to your domain name account. Staff often come and go, so keeping an eye on who has access to your domain name account is critical for maintaining the integrity of its security.  Access to the domain name portal should be kept to a minimum and regularly monitored.  We also recommend giving people ‘read view’ instead of write permissions where practical.

Appropriate DNS. A lot of brands spend millions on hardware, redundancies and network monitoring tools, yet don’t invest in their DNS infrastructure.  As DNS DDoS attacks are on the rise, targeting ISPs, Domain Registrars and similar free DNS services, we recommend that our clients use an enterprise-grade DNS network for critical domain names.