Best Security Practices for your Domain Name

Nowadays, your brand is even more important than your tangible property. Though most businesses protect their premises with CCTV cameras and state of the art security devices, very few consider protecting their domain name. Yet, this is an essential part of your business operations and you could potentially lose huge sums in a single day if it becomes compromised.

You may not hear accounts of domain name theft every day, but it does happen and it’s more important to be safe, than sorry. If your domain is a popular one (let’s say nebulasdesign.com), the domain name loss will still have a tremendous impact on your business.

There are different scenarios that make domain name security vital. One common example is when your domain name was registered by an employee who later left the company, without leaving behind the registration details. Don’t forget that your domain name is tied to your brand. Every domain name appreciates over time, so if you don’t have the details to renew when it expires, someone else might just hijack it and ask you to pay an outrageous fee to get it back.

Read on to discover the security measures employed by registrars and those you can implement to ensure your domain name remains safe.

WHOIS Details Verification

On January 1st 2014, the Internet Corporation for Assigned Names and Numbers (ICANN) mandated that all domain name registrars begin verifying details for all new domain name registrations or modifications. This information is what is contained in the public WHOIS record. This means that if you register a new domain name (or change your registrant information on an existing domain name), you’ll receive an email asking for verification of your new information.

If the email alert is not addressed within the requested period specified, your domain name may be suspended. The purpose of this policy is to ensure any changes made are carried out by the original registrant and not by people trying to hijack the domain name for malicious purposes. It’s therefore vital that anytime you receive an email from your domain name registrar (asking for verification of your WHOIS information), you reply as soon as possible, because this process is for your own security.

Registrar Lock

Registrar Lock is one of the easiest ways you can secure your domain name. Registrar lock simply involves locking your domain name to prevent unauthorised people from transferring ownership – either while the domain is still active or when it expires after an elapsed period. Different registrars have different ways of implementing Registrar Lock.

Some allow you to enable this security feature during the domain name registration process, whereas others allow you to do this as part of your domain management once you fully own the name. There are some other ways a registrar can implement a lock on your domain name. For example, once this lock is put in place, your domain is completely safe and cannot be transferred to another user. Even a valid transfer request will not be authorised, as long as you implement Registrar Lock on your domain name.

Authorisation Code / EPP Code

Registrars understand that owners may need to transfer their domain names to another registrar. Maybe they’re looking for a different set of services or they were offered a cheaper price elsewhere. Whatever the reason, a website owner may need to move elsewhere. However, before this can happen, they have to first obtain a unique code from the current registrar, which will in turn be provided to the new registrar. This unique code confirms that the person with the code is either the owner of the domain name or has full access to the control panel of the domain name in question. If a website owner wants to transfer their domain name, but cannot provide this code, the transfer will not be affected.

Transfer Approval Email

If you decide to transfer your domain name to a different registrar and have requested an Authorisation Code, an email will be sent by the registrar, asking you to click on a link before the transfer can be approved. This provides a second layer of security to protect against unauthorised transfers, because hackers can find ways to obtain an Authorisation Code from your domain registrar. If you didn’t request a transfer, you can either ignore the email or write to them to flag-up this activity. Clicking on the link in the email verifies that you initiated the transfer and it will subsequently be approved. Unless your email address is also compromised, your domain name cannot be transferred.

Enable Two Factor Authentication

A skilled hacker may be able to break even the most complicated of passwords. However, not even the most savvy of thieves can bypass a two factor authentication, unless your device is stolen or compromised. A two factor authentication (2FA) involves syncing a mobile device with your domain login details. After you enter your login credentials, an authentication code will be sent to your device, which you’ll have to provide before you can access your domain management control panel. Anyone who wants to have access to your domain will need both your login credentials and access to your phone. While one may be possible, both are unlikely.

Choose Your Registrar Wisely

All registrars are equal, right? Wrong. While every registrar has what it takes to register the domain name that you choose (if they are available), not every registrar follows best practices when it comes to domain name security. Check the site URL as well, to be sure you are at the ‘right page’. If a URL reads www.freeparking.co.nz/domain-names/search/ for instance, you can tell that your details is not only safe (due to the ‘https’), but you are likely to get the right results as the page URL depicts.

You also have to be sure that your registrar can ensure that your business has an online presence at all times. At least, look for a registrar that offers all or some of the above security features as a basic component of their plan. Meanwhile, others will ask you to pay a token amount extra for added security. Whatever the process, it’s essential you take advantage of it.

Final Thoughts

It’s important that website owners see domain names as assets, and thereby potential security threats. Ensure you incorporate domain security as part of your overall business strategy, because losing your domain name has more far-reaching implications than just losing a name. It can be used to undermine your brand and this will definitely cost a lot of money to repair. By looking for a registrar that employs strict security measures – and playing your own part – you’ll be in great shape to protect your digital assets.

By |2018-11-08T11:43:34+00:00July 3rd, 2018|Articles, Latest News|0 Comments