Whether you are an individual, a large commercial business, or a small non-profit organization, creating and protecting your online presence is essential. Many individuals and businesses use social media platforms to connect with followers, customers, or organization members. Even so, a domain name that points to a website hosting your content, or to an e-commerce platform that generates important revenue, is still one of the most secure means to ensure that an online identity does not fall prey to hackers or hijackers who can disrupt your activities and affect company sales and interactions with customers.
Over the years, ICANN and the registries and registrars in the domain name industry have committed resources, financial, technical, and operational, to ensure that the domain name system (DNS) remains stable and secure despite increasing attacks by parties trying to distribute malware, botnets, spam, and other forms of abuse. Just a few months ago several registries and registrars, including MarkMonitor™, signed on to a written framework on ways to address DNS abuse. This framework represents an effort by the industry itself to take proactive steps to address the rise in threats against domain name users.
Although these industry efforts continue, domain name owners also need to take affirmative measures to protect their domain names from attack and hijack. These affirmative measures can be summarized as follows:
- Choose a Security Focused Registrar: There are hundreds of domain name registrars from which to acquire and manage a domain. Choose one that employs a hardened portal that checks for security and code vulnerabilities on a regular basis. The registrar must be able to demonstrate strong internal security controls, have a proven security track record and be committed to staying on top of the newest exploits and latest security vulnerabilities.
- Set Up Multi-Factor Authentication: Many internal security controls require users to use multi-factor authentication, which provides a strong, additional layer of security in the event that login credentials are compromised. Social media accounts often don’t have multi-factor authentication for logins. It is also critical that login credentials to any account – especially to domain, DNS, and website management accounts – are never shared, are reviewed on a regular basis, and have a limited number of authorized users.
- Add an Additional Domain Lock: All important domains, especially domains that point to e-commerce platforms on which products are sold and distributed, should have an additional lock applied, called “Registry Lock.” Registry Lock will freeze all domain configurations at the registry level until the correct high-security protocol is followed as specified by both the client and registrar. This additional lock prevents erroneous nameserver updates, hijackings and social engineering attacks.
- Use Extended Validation Certificates: To better build online trust, all websites should be available under HTTPS using SSL Certificates. These certificates reduce the effectiveness of phishing attempts and also generate confidence in users visiting your website.
- Check Email Security Standards: Ensure that email providers adhere to the latest and strictest standards in email delivery. This includes signing outgoing email with DomainKeys Identified Mail (DKIM) and publishing Domain-based Message Authentication, Reporting & Conformance (DMARC) records to help prevent phishing emails from getting delivered to users.
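To make the email check concrete, the following added example (not MarkMonitor's code) audits DMARC and DKIM TXT records for common weak settings. The function names are hypothetical, and the records, including the `example.com` address and the DKIM key value, are constructed samples rather than live DNS data.

```python
# Added example: audit DMARC and DKIM TXT records. All records are constructed.
def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # keep '=' padding inside values
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Findings for the TXT record published at _dmarc.<domain>."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        return ["not a DMARC record (must start with v=DMARC1)"]
    tags, findings = parse_tags(txt), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    pct = tags.get("pct", "100")  # default is 100 when the tag is absent
    if not pct.isdigit() or int(pct) > 100:
        findings.append("invalid pct= value")
    elif int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    return findings

def audit_dkim(txt):
    """Findings for the TXT record published at <selector>._domainkey.<domain>."""
    tags, findings = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("unexpected v= value (should be DKIM1)")
    if "p" not in tags:
        findings.append("no p= tag: record carries no public key")
    elif tags["p"] == "":
        findings.append("empty p=: this key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: domain is in DKIM testing mode")
    return findings

if __name__ == "__main__":
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
                "v=DMARC1; p=none", "v=DMARC1; p=quarantine; pct=25"):
        print(rec, "->", audit_dmarc(rec) or "ok")
    for rec in ("v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=", "v=DKIM1; p=; t=y"):
        print(rec, "->", audit_dkim(rec) or "ok")
```

An empty findings list means the record passed these checks; it does not confirm that the mail provider actually signs messages with the published key.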
Internet safety and security is everyone’s responsibility. Domain name providers such as registrars and registries need to do their part to maintain a safe and secure platform, but domain name users themselves should also take steps to protect their domain name portfolio and ensure their online presence, whether it be a business or organization, is not vulnerable to compromise.