Cyber threats are having a significant impact on businesses — that much is clear. Budget and resources are being dedicated to securing infrastructure and applications, and educating staff on the dangers of phishing, malware and social engineering. For marketers, cyber security is quickly encroaching on brand protection as a whole, and rightly so. The lines between the two areas are blurring and in the future it is conceivable that the two disciplines are far more integrated than they are now.
But what about domains? How does domain security factor into wider online brand protection initiatives? While domain registration, renewal and management are an integral part of online brand protection, does security gain the same attention?
Regardless of the current approach, marketers should be focused on this aspect, especially seeing as the threat is increasing in the domain name system (DNS) space. Historically this wasn’t a target for cyber criminals or hackers, but as they become bolder and more sophisticated, nothing is off limits.
What’s the damage?
In an internet-enabled world, any issues with a brand’s website can have potentially devastating consequences, from loss of sales and revenue, to diminished customer trust. So how can hackers cause damage and disruption by launching a domain attack? Firstly, they can take your website offline. No website means no customers and no sales. Secondly, they can redirect traffic from your website to another one that may look like yours. In this way they can capture customer data, such as personal information or payment card details, or they can use the misdirection to sell counterfeit goods. Lastly, they could also possibly hack into your DNS account and transfer your domain away from your organisation.
Given the importance of domains, what should brands do to secure them and mitigate the risk?
Work with the right corporate registrar
Choosing the right corporate registrar is the first step in a domain security plan. The right register will have hardened security practices in place and an excellent understanding of the landscape, the threats and the ways to mitigate them. Such a registrar will also have specialised security features for preventing, detecting and responding to attacks against any domains, including:
- Restricting access to a portal via an IP address
- Sending notifications on any name changes
- Avoiding automated emails as a primary means of communication
- Keeping activity logs to track all domain name updates
- Maintaining strong password management to force password changes
- Offering multiple levels of access
Consolidate your portfolio
The best way of securing your domains is to know which ones you own — maintain careful records of all domain names across all your brands, offices and locations. Ideally, this should be a centralised, global view to ensure you’re always looking at the whole domain picture.
Monitor critical domains
It’s also important to constantly monitor the domains that are core to your brand. Again, working with the right registrar can help here, as they can monitor for differences between the nameservers stored at the registry compared to the nameservers stored in their databases. A mismatch could be the first sign someone has broken into a registry system and made an unauthorised update.
Use two-factor authentication as standard
When accessing a domain management portal or DNS management portal, use two-factor authentication because it provides an extra layer of security that requires not only a password and username, but also something that only the user can give, such as a one-time password via a physical token.
Use domain locking
To mitigate the threat of domain name hijacking, you should ensure your domains are locked. This means they can’t be transferred. Taking this a step further, you should also implement registrar locking, which is an elevated locking mechanism that freezes all domain configurations until the registrar unlocks them upon completion of a customer-specified security protocol. This should be applied to your most mission-critical domains such as transactional sites, email systems, intranets and site-supporting applications.
The threat that cyber criminals and hackers pose to brands shows no sign of abating. While the consequences of an attack could be severe for an organisation, there are ways to mitigate the risk, especially when it comes to domain security. Importantly, domain security needs to be considered as part of a much wider online brand protection strategy that also takes the cyber threat into account. As a result, working with the right partners and having the right processes in place can position your organisation to effectively deal with the threat.