These days, there are so many cyber threats to businesses that it’s easy to overlook the one thing a business depends on every day—its internet domain name.
For many businesses, a domain name is a lot like the slogan for the once-popular Showtime Rotisserie Oven—Set it, and forget it! But, that’s just the problem. So, what should your business do to ensure its domain name is as safe as it could be? Here are four things to keep in mind.
1. Use a separate email address to register your domain name.
Most legitimate domain registrars have safeguards in place so that—if someone is able to successfully hack your login information to the registrar’s website—any changes made to your website’s DNS (Domain Name Server) would require some sort of validation. So, if a hacker logged in and attempted to change the DNS record, they’d then also have to validate that change via email. It’s foolproof, right? Wrong!
If a cyber criminal gains access to your DNS controls, you could be in trouble.
With most registrars, you can’t change a DNS record without verification. However, there are situations where a hacker could gain access to both your domain control panel and your domain-specific email. Once they have access to both, they can reset the email MX (Mail Exchanger) record to point to their own email server, or they could create a new mailbox. In this scenario, when the registrar attempts to perform the validation, they’re communicating with the hacker, which, I think we can all agree is not ideal.
You can prevent this by using a separate email address—Gmail, Yahoo, your ISP, etc.—when registering the domain name. Make sure you give them an email that you stay on top of. You don’t want to miss a legitimate email from your registrar saying your domain expires today!
2. Always secure your registration.
Remember the days when you used to look through a phone book and you’d see a listing for, “John & Jane Smith – Children’s Line”? There are so many things about that situation that are outdated, but why we ever thought it’d be a good idea to list our children’s contact information in a public directory, I’ll never know.
Among those same lines, it really doesn’t make sense to have your name, email address and phone number publicly listed alongside your domain name. You’re just making it easier for someone who would want to cause harm to your company.
Most domain name registrars offer privatized registration for a small fee. Trust me, it’s worth it! With privatized registration, your name and contact information is concealed from public visibility. Someone can still submit a request to contact you, but the request will come via the entity doing the private registration. You then have the option to reply to the requester. I mean, you never know. Someone could legitimately want to offer you a ton of money for your domain name.
Next to privatizing your registration, locking your domain is the most important thing you can do to beef up the safety of your website. Domain locking will keep the domain from being transferred to another party or modified by cyber criminals. All good registrars offer locking. If your registrar doesn’t offer domain locking, I’d think about moving.
3. Don’t give contractors more access than they need.
It’s not uncommon for companies to work with third-party web developers for the building and managing of their websites. When you do, set up a separate login for the third-party contractor with just the access settings they need to accomplish the work. No matter how much you trust them, absolutely do not give them your account and password. Also, once the work is complete, go back in and disable their account.
If you currently have a designer or a “go to” geeky friend that registered the domain for you, stop reading after this sentence and tie a string around your finger to remind yourself to have them add you as the “owner contact” tomorrow. This suggestion doesn’t imply they will be menacing. It’s meant to prevent the pain you’d experience if/when you change vendors. Regaining admin access to your own domain can be a very frustrating task. Rule number one in Domain Club: always make sure you are an owner or admin contact for your domain.
4. List a secondary authorized contact for your business.
If, for some reason, you ever lose access to your domain, getting it back can be a bit of a chore.
For instance, let’s say the employee responsible for your domain registration is no longer with the company, and you now need to make some changes to the website. Most registrars are going to require that you submit a certified letter on letterhead. They’ll likely then require that you visit with them over the phone before they’ll release the domain to you. But, you can prevent all of this by doing yourself a favor and listing a secondary authorized contact.
It’s unfortunate we live in a time where much of the web resembles the wild gunslinger turmoil in an old western movie. But, by following these four steps, you can help ensure the long-term protection of your domain name and keep would-be cyber criminals from causing harm to your company.
Now would be a good time to log into your registrar’s portal and verify the contact information. You might even decide to go ahead and renew your domain rental agreement for the maximum number of years allowed. That’s right, you don’t own your domain, you just pay a fee for exclusive rights to use it to point to some IP addresses you don’t own. Whole ‘nother story…
About the Author:
Rusty Haferkamp is the chief information officer for Central National Bank. In his spare time, he enjoys being outdoors, hunting, fishing, and spending time with his wife and two young daughters.