A best practice approach to domain security

Akino Chikada, portfolio marketing, senior director, MarkMonitor, discusses the main risks associated with a DNS attacks, and the key things marketers need to know about them.


Successful brand protection requires a holistic approach in order to safeguard both itself and its customers.

As a result, it is no longer the realm of one department, such as marketing, but needs support and input from multiple areas of the business, including legal, IT and IT security. In today’s highly volatile cyber threat landscape, working with IT security has never been more important.

This overall approach to online brand protection includes a number of elements, including protecting the brand from infringements, counterfeiting, cybercrime and domain abuse. The latter is particularly important as domains are core to a brand’s identity and form the foundation for any wider business strategy.

A domain portfolio

There is a lot to consider when it comes to domains; registering a name, renewing it, securing it and managing it as part of a much wider domain portfolio. Depending on the size of your organisation, you could own anything
from tens of domain names, to hundreds. Not all domains will add tangible value to your business; you may have domains that are used for creating brand presence or those that you’ve defensively registered to protect your brand name.

In addition, your portfolio could include old domains, those used in past marketing campaigns and those that are no longer needed. The best way to ensure you’re optimising your domain portfolio is rightsizing it, selling or dropping those domains that are no longer needed and using your resources to renew, secure and manage your core domains.

But why are domains so important? Yes, they form the cornerstone of your organisation, but what’s the danger in getting things wrong?

In today’s marketplace, a day without a website can have devastating consequences.

If your website is unavailable, customers can’t find what they’re looking for, they can’t interact with your brand and, if your site is an e-commerce platform, they can’t make purchases ultimately affecting your revenues. If hackers do target your website and take it offline, your brand is facing lost customer trust, lost revenue and reputational damage.

Hackers don’t even need to take your website offline. They can also divert traffic away from your site to their own (an imitation of yours), where they can either harvest customer details or sell counterfeit goods. In extreme cases, cyber
criminals can hack into your domain name system (DNS) account and transfer your domain away from your organisation.

As part of wider online brand protection initiatives, you need to consider keeping your customers safe by using measures such as SSL certificates that demonstrate your credibility. You also need focus on combatting cybersquatting and building defensive domain registrations into your domain security and brand
protection strategies.

What can be done to protect your domain portfolio?​

While the threat that hackers and cyber criminals pose to brands is serious, it can be mitigated. One of the ways to approach domain management and security is by working with the right registrar. Corporate registrars, for example,
generally have strong security practices, procedures and technologies in place than retail registrars, and are better placed to prevent, detect and respond to attacks. They can restrict access to portals, using an IP address; send
notifications to you with any name changes; keep activity logs to track all domain name updates; maintain strong password management; and offer multiple levels of access.

Corporate registrars will also use domain locking as a protection mechanism. Simply put, if domains are locked, then they can’t be transferred. For mission critical domains you can add another dimension; registrar locking freezes all
configurations until the registrar unlocks them based on a customer-specified security protocol. This ensures only the people with the right permissions can make changes.

Best practice approach to domain security

There are also a number of best practice approaches that you can incorporate into your overall online brand protection plan to ensure you’re properly securing your domain portfolio.

Get a centralised view

Regardless of the size of your domain portfolio, it’s important that you have a consolidated view of which domains you own, across all brands, departments and locations.

Pay attention to core domains

It is critical that you monitor those domains which are core to your brand. This might not be something you have the in-house resource to do, so working with a brand protection expert can be helpful in tracking aspects such as differences between the nameservers stored at the registry compared to the nameservers stored in their databases.

Secure access

Two-factor authentication should be used to access domain management portals or DNS management portals. In this way you’re getting an extra layer of security because you don’t just need a password and username to login, but another “factor” that only the right user can provide, such a one-time password.

The future of domains

Brands will continue to face threats in the form of cyber-attacks, abuse, infringement and counterfeiting. As a result, brands need to do all they can to manage and secure the most critical elements, such as domains, as well as pay
attention to keeping their customers safe, protecting their reputation and safeguarding revenue – all of which can be addressed through a comprehensive and multi-layered brand protection strategy.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: