So you have your domain name already, but now how do you protect it?
#1: Use a reputable registrar
The first step to shoring up your domain security should always be choosing a reputable domain name registrar with accreditation from registry operators and the Internet Corporation for Assigned Names and Numbers (ICANN). Even better, choose a registrar that can demonstrate investment and expertise in cybersecurity, including controls, processes, technologies, and staff training.
If you do a quick Google search for the best domain name registrar, you’ll see millions of results. But not all domain registrars are created equal.
Opt for a domain registrar that has a good reputation, takes security seriously, and that has tools in place that facilitate domain name security.
#2: Register lookalike domain names
The easiest way to start defending against typosquatting and domain spoofing attacks is to register look-alike domains yourself and redirect them to your company’s real website. Registering these domains on your own means that they can’t be registered by cyber adversaries who would use them to divert traffic away from your website and potentially scam your customers.
When registering lookalike domains, consider purchasing domains that contain misspellings of your company name, singular and plural versions, hyphenations, and generic top-level domains like .com, .info, .net, and .org.
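The variant types listed above (misspellings, singular and plural forms, hyphenations, other TLDs) can be enumerated mechanically to build a defensive-registration shortlist. This is an added example, not part of the original article; the function names and the brand `examplestore.com` are made up for illustration.

```python
import string

TLDS = ["com", "info", "net", "org"]  # the generic TLDs named in the article
VALID = set(string.ascii_lowercase + string.digits + "-")

def lookalike_labels(name):
    """Variants of one brand label: misspellings, singular/plural, hyphenation."""
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])            # dropped letter
        variants.add(name[:i] + name[i] + name[i:])      # doubled letter
        if i + 1 < len(name):                            # swapped neighbours
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    # Singular and plural forms.
    variants.add(name[:-1] if name.endswith("s") else name + "s")
    # Hyphen inserted at each position, and existing hyphens removed.
    for i in range(1, len(name)):
        if "-" not in name[i - 1:i + 1]:
            variants.add(name[:i] + "-" + name[i:])
    variants.add(name.replace("-", ""))
    # Keep valid DNS labels only and drop the original spelling.
    return sorted(v for v in variants
                  if v and v != name and set(v) <= VALID
                  and not v.startswith("-") and not v.endswith("-"))

def defensive_candidates(domain, owned=()):
    """Domains to consider registering and redirecting, minus those already held."""
    label, _, tld = domain.lower().partition(".")
    tlds = sorted(set(TLDS) | {tld})
    held = {d.lower() for d in owned} | {domain.lower()}
    names = [label] + lookalike_labels(label)
    return [f"{n}.{t}" for n in names for t in tlds if f"{n}.{t}" not in held]

if __name__ == "__main__":
    # "examplestore.com" is a made-up brand used only for illustration.
    todo = defensive_candidates("examplestore.com", owned=["examplestore.net"])
    print(len(todo), "candidates, e.g.", todo[:5])
```

The output is a shortlist to review and prioritise by budget, not a list to buy wholesale.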
Domain hijacking can sometimes happen when your domain registrations unexpectedly expire, or when a cyber attacker successfully impersonates your business to your designated registrar.
To help mitigate the risk, we recommend:
Registering your domains for the longest term possible – usually up to ten years,
Registering your company’s domain name directly to the corporation instead of to an individual,
Registering your company’s domain name with a company credit card instead of an individual person’s payment information,
Enabling domain privacy protection to exclude your personal data from the WHOIS directory,
Enabling Registry Lock, a security feature that requires your registrar to manually verify any requested changes to your DNS records.
#3: Enable registrar lock
When you register your domain name, most registrars will automatically lock it. This prevents unauthorized changes, including transfer to another registrar.
ICANN regulations state that when a transfer request has been filed, the registrar has five working days to respond. If there is no response, the transfer request will automatically be approved. In other words, if someone other than you requests that the domain name be transferred to another registrar, the transfer will be automatically approved without a domain lock in place.
However, certain changes to your domain name settings might require you to unlock your domain. If that’s the case, be sure to lock it immediately after you're done.
#4: Secure access to your domain
Securing access to your domain control panel and controlling user permissions are important steps to preventing domain hijacking attacks. Most registrars offer features like two-factor authentication and IP validation that can help verify the identity of a user logging into your domain control panel.
A number of employees at your organization may require access to your domain control panel to fulfill their job duties, but only trusted individuals should be assigned elevated permissions to modify staff permissions or implement DNS configuration changes.
Cyber attackers may attempt to gain access to your domain control panel by contacting your domain name registrar and impersonating your business. Your registrar should prevent these attacks by following your authorized contact policy and implementing DNS changes only when requested by trusted, verified individuals at your company.
#5: Choose a strong password
A strong, unique password is a necessity for all your online accounts. This includes not only your domain registrar’s account but also the email account associated with your domain registration contact information.
But what makes a strong password? A strong password usually contains eight to 12 characters, consisting of both uppercase and lowercase letters, numbers and symbols. The downside to a strong, unique password is that it’s not always easy to remember.
Look into password managers, which help to keep all your passwords safe so you don’t have to remember them. Instead, you just need to remember a single master password that unlocks your password manager vault.
Password managers can also generate secure passwords for you so you don’t have to remember everything that goes into creating a strong password.
#6: Enable two-factor authentication (2FA)
In addition to having a strong password, it’s a good idea to set up two-factor authentication for your most important online accounts. With two-factor authentication, you’ll have to enter your password and use an additional method of verifying your identity.
This can include:
A text message with a code sent to your phone
An email with a special authorization code
A code generated by a third-party app such as Google Authenticator, Authy, or similar
Once you set up two-factor authentication for your domain registrar’s account, even if someone gains access to your email, they won’t be able to log in without entering that special authorization code.
#7: Use an SSL certificate
An SSL certificate enables websites to use the secure HTTPS protocol. An SSL certificate is nothing more than a data file that’s hosted on a website’s origin server.
It contains information such as:
The domain name for which the certificate was issued
The person or organization that the certificate was issued to
Who issued the certificate
Issue and expiration date of the certificate
Public key, which is a long string of characters used to decrypt and encrypt data passed between your website’s server and incoming traffic
In short, this information ensures that your visitors’ sensitive information is encrypted so it doesn’t fall into the wrong hands. It also prevents hackers from creating a fake version of your website, and it verifies the ownership of the website.
Most domain registrars have the option to purchase an SSL certificate directly from them — making domain name security easier to manage.
#8: Enable privacy protection
Many domain registrars will offer automatic privacy protection for your domain. This is also known as WHOIS privacy. By default, as soon as you register a domain name, your contact information is visible online when someone performs a WHOIS search on your domain. They can see your email address, phone number and even your home or business address.
WHOIS privacy masks that information so that it’s not publicly accessible. Some domain registrars offer this for free, while others will charge a small fee on top of the domain registration cost. Regardless, it’s well worth paying a little extra to ensure your information cannot be accessed by anyone online.
#9: Renew your domain regularly
Forgetting to renew your domain name could cause serious damage. For one, you run the risk of a competitor scooping it up. Secondly, a domain squatter could register your domain name and either refuse to sell it back to you or demand an exorbitantly high amount of money for it.
Whenever possible, ensure that your domain is set up with automatic renewal.
In addition, consider registering your domain for a longer period of time. For example, instead of one year, opt for two, five, or even 10 years. You’ll save money in the long run and gain immediate peace of mind in terms of domain name security.
#10: Keep your contact details with the registrar up to date
Business address or email changes are not uncommon these days. However, be sure to keep your contact information up to date with your domain registrar.
Get into the practice of regularly checking your contact details and updating them whenever they change. This includes keeping your email, phone number and contact address current.
It’s a good idea to always have this information associated with you rather than an employee or contractor (e.g., website designer). That way, if that employee ever leaves, you avoid the risk of losing your domain because you’ve disabled their email address or company phone number.
#11: Beware of phishing emails
Unfortunately, phishing emails are prevalent. They could seem completely innocent and as if they’re coming from someone you know or a business you trust. In some cases, they might even appear to come from a government or other official agency.
Sometimes, bad actors use phishing as a tactic to gain access to domain names.
Be wary of any emails that ask you to click suspicious links or want access to your sensitive information. Most reputable companies won’t ask for your SSN, credit card information or similar in an email.
If you’re not sure that the email is legitimate, it’s best to ignore it rather than risk exposing your financial or other sensitive information.
#12: Keep your domain registrar information safe
Lastly, keep the information about your domain registrar safe. This includes storing your login email or username and password in a secure location. The aforementioned password manager is a good option.
Don’t share your login information through a text message, email or chat either. Instead, use your password manager to securely share the password with other members on your team. Alternatively, some domain registrars will allow you to invite other users to your account so they can help you manage the more technical aspects.