So after yesterday’s Ashley Madison debacle, where let’s face it most of us were sniggering about the naivety or even the stupidity of some of these people… Come on if you are going to cheat on your spouse, use a fake name? Or a throw away Amex card with no home address tied to it or last but not least create a new email account for just this purpose! Ok so even for us happily married peeps all of the above seems pretty obvious but the hack of Ashley Madison and yesterday’s subsequent leak of names and addresses actually is really indicative of a much larger problem that is only going to grow as our reliance on the internet grows and the issue of cyber security is no more prevalent anywhere else than within the domain industry.
Complacency with our personal data is endemic, some of the most personal conversations we have are with the small rectangle box on the Google homepage, and we do truly do think nothing of signing up for every offer that comes our way, giving away priceless personal information in the meantime. The recent high profile hacks not forgetting those entertaining but embarrassing emails from Sony are reminders that we cannot and probably should not take everything we do on the web for granted and that includes buying, selling and storing domains.
As we know there are some domain names that cost far more than the average home, this makes them highly desirable targets. The domain name theft can be huge trouble for companies because it affects their brand and reputation. A stolen domain name can be used in relation to activities such as distribution of pornographic materials, downloads of malware, and submission of spam. In this regard, one of the former ICANN’s CEO stated, “a domain hijacking is not as obvious a threat as spam and spyware, but it can be just as disruptive to the business and operations of name holders; in extreme cases, a domain hijacking can have a lasting impact on an organization.”
So what steps can we apply to protect our domains, our businesses our brand and reputation?
- Set up a process for renewing your domain names regularly. The easiest way to lose a domain name is simply by failing to renew it in time. Setting up a renewal process can be as simple as scheduling a recurring renewal reminder in your desktop calendaring program to warn you a month before each of your domains is due to expire. Many registrars now allow you to synchronise domains so that they expire on the same date, making it much easier to manage more than one.
- You can usually choose to renew domain names for one, two, five or ten years, but be careful about choosing anything longer than one year – renewing is something that is much more likely to slip your mind if you don’t have to do it regularly. You may also be able to opt to have your domains renewed automatically, but this is likely to increase the risk that you lose track of your domains and their expiry dates.
- Check the contact details held by your domain name registrar regularly. Your domain name registrar should send out a reminder by email when it’s time to renew a domain name, and may also need to contact you if there are payment problems or if someone attempts to transfer your domain names, so it is important to check that the current contact details it has are up to date. It’s especially important to ensure the contact details are updated if the person in your organization who is responsible for domain name registrations leaves, and it’s also sensible to whitelist your domain name registrar’s address in your spam filters to ensure that you receive any emails it sends.
- Keep your account secure.Anyone who can access your account on your domain registrar’s website can potentially hijack your domain name or transfer it to a new owner, so it’s vital that your account is secure. That means it’s important to ensure your account is protected by a long, strong password that can’t easily be guessed or bruteforced by a hacker. You should also use any additional authentication methods (such as two-factor authentication using a security token or one-time passcode sent by SMS to a cell phone) if your registrar offers them. It’s also important to ensure the account password is changed if the person responsible for your domain names leaves your organization.
- Implement Registrar Lock.Most registrars offer a service called Registrar Lock (sometimes called Domain Lock or Transfer Lock,) which can help prevent your domain from being accidentally or illegally transferred without your permission. When the domain is “locked” it can only be transferred after you log in to your account and unlock it. Registrar Lock therefore won’t protect you from anyone who has access to your account, but it can prevent someone from trying to get the domain transferred by impersonating you on the telephone or by email.
- Opt for Domain Privacy.Domain Privacy, which most registrars offer free or for a small monthly charge, enables you to prevent your name, address and contact details being made freely available in Whois records. Domain name thieves can use this information to impersonate you and attempt to have your domain names transferred to a new owner, or to contact you to try to fool you into revealing your account password.
- Use Extensible Provisioning Protocol (EPP).EPP provides another layer of protection for your domain names, if it is supported by your registrar. It enables you to pick (or you may be assigned) a unique Authorization Information Code (AIC) for each domain, which must be supplied to a new registrar before the domain can be transferred to it. If your AICs are kept secure and confidential this can provide effective protection for your domains, but be warned: some registrars make them available to anyone who can log in to your account, effectively rendering them useless.
- Use permanent email addresses.When you specify your contact email address, avoid using one from a free service that might expire if you don’t use it regularly. If that happens someone else could snap it up and use it to impersonate you in correspondence with your domain name registrar, or use your registrar’s “forgotten password” feature (if it has one) to have the password emailed to them.9
- Be suspicious of emails purporting to be from your registrar.Never respond to emails asking you to log in to your account and administer your domain names by clicking on links contained in the email. That’s because the email could be “weaponised” and the links could take you to a replica of your registrar’s website where your account details can be captured. To avoid this always enter the address of your registrar manually in your browser before logging in.
Ok so now your protected so its time to go domain shopping – check out the millions of expired domains we have on our website now! expired domains.