Do you manage domain names for your customers? Do you own domain names?
If the answer is yes, then please read on.
Registering a domain is simple: you choose a domain provider and/or host, pay some money and away you go. In a few simple clicks you can have a website and email attached to your domain name, reflecting your company branding.
If you just do this, you are handing over your brand reputation and domain security to the domain registration or hosting company. There is a lot of trust placed in this third party to make sure they keep your website and email brand safe and secure.
What is the risk? Imagine your website generates new business for you, either through online sales or lead generation, or that email is the vital link between you and the customer. What would happen if that was disrupted and traffic diverted to a malicious party who now intercepts your sales or enquiries and your company emails? Properly securing a domain will stop this from happening, but it’s up to you, the domain owner, to ensure this is done properly.
We have put together 15 steps you can take to help protect your domain and brand reputation:
- Choose a domain host that has good reviews, is known in the industry or has been recommended by a peer.
- Always choose the longest registration period you can financially afford – this will stop you worrying about the domain name disappearing at the end of the registration period.
- Make sure you lock the domain with the domain registrar against Deletion, Updating and Transfer.
- Always register your domain name a long time before you need it. Domain reputation is measured on the age in days of the domain registration. Over 365 days (1 year) means it will have a good reputation and you will get better SEO results.
- Ensure you have very strong passwords (at least 16 characters long, including symbols and numbers) for your domain registrar. If they have it, always enable MFA/2FA (Multi Factor Authentication/Two Factor Authentication).
- Sign up to a WHOIS privacy service. This hides your registration details to help stop a social engineering attack on your business. Domain registration details are public and searchable by anyone. In Europe, GDPR protects this and most domain registrars will redact your information by default.
- Check your domain registrar has a good and solid DNS service. Many provide this for free but just pay it lip service.
- Enable DNSSEC on your domain DNS zone – if your DNS host does not provide this then switch to one that does. This signs the answers to all DNS queries to stop a man-in-the-middle attack. Ensure the algorithm used is above RSASHA256 (8).
- Ensure your DNS host has geographically dispersed servers, ideally in different countries to ensure you are protected if they have an outage in one region.
- Make sure your DNS host follows RFC guidance around parent and authoritative servers and that response times to their name servers are as low as possible.
- Ensure you add the CAA records in DNS – this protects your certificates by stopping other parties and certificate authorities from issuing certificates against your domain.
- Check the certificate transparency logs for all known certificates against your domain name. This will help to ensure you have no rogue certificates.
- Check domain registrations for swapped TLDs or subdomains registered the same as your domain name. If you can, always buy the most popular TLDs (example.com, example.co.uk, example.uk, example.online etc). This protects you against phishing attacks or domain/web impersonation attacks.
- Add a note in your diary a few weeks before your domain and certificates are due to expire, so you can renew them in time and don’t lose them.
- Always keep a check on your domain, DNS and web host reputation and service uptime to ensure your customer-facing brand is always available and responds in under 200ms.
Whilst this list is not exhaustive, following these steps will greatly protect your domain name and brand reputation.
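The following added example, which is not from the original article, applies the checklist's rules for registrar locks, domain age, renewal, DNSSEC algorithm and CAA records to registration data and zone records you have already exported. The dictionary field names, the 30-day renewal window and the sample data for example.com are assumptions constructed for illustration; the lock names are the RDAP status values defined in RFC 8056.

```python
from datetime import date

# RDAP status values (RFC 8056) for the Deletion, Updating and Transfer locks.
REQUIRED_LOCKS = {"client delete prohibited", "client update prohibited",
                  "client transfer prohibited"}

def audit(rdap, zone_lines, today, renew_days=30):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    missing = REQUIRED_LOCKS - set(rdap["status"])
    if missing:
        findings.append("registrar lock missing: " + ", ".join(sorted(missing)))
    if (today - rdap["registered"]).days <= 365:
        findings.append("domain has been registered for 365 days or less")
    if (rdap["expires"] - today).days <= renew_days:
        findings.append(f"registration expires within {renew_days} days")
    dnskey_algs, caa_issuers = [], []
    for line in zone_lines:  # zone-file presentation: name ttl IN type rdata...
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        rtype, rdata = fields[3], fields[4:]
        if rtype == "DNSKEY" and len(rdata) >= 3:
            dnskey_algs.append(int(rdata[2]))  # rdata: flags protocol algorithm key
        elif rtype == "CAA" and len(rdata) >= 3 and rdata[1] in ("issue", "issuewild"):
            caa_issuers.append(rdata[2].strip('"'))
    if not dnskey_algs:
        findings.append("no DNSKEY record: DNSSEC is not enabled")
    elif any(alg <= 8 for alg in dnskey_algs):  # the article's rule, taken literally
        findings.append("DNSKEY algorithm is not above RSASHA256 (8)")
    if not caa_issuers:
        findings.append("no CAA issue record: any CA may issue certificates")
    return findings

# Constructed sample data for the placeholder domain example.com.
TODAY = date(2025, 6, 1)
WEAK_RDAP = {"status": ["client transfer prohibited"],
             "registered": date(2024, 11, 1), "expires": date(2025, 11, 1)}
WEAK_ZONE = ["example.com. 3600 IN DNSKEY 257 3 8 AwEAAcConstructedKey",
             "example.com. 3600 IN A 192.0.2.10"]
GOOD_RDAP = {"status": sorted(REQUIRED_LOCKS),
             "registered": date(2015, 3, 1), "expires": date(2030, 3, 1)}
GOOD_ZONE = ["example.com. 3600 IN DNSKEY 257 3 13 ConstructedKeyData",
             'example.com. 3600 IN CAA 0 issue "ca.example"']

if __name__ == "__main__":
    for name, rdap, zone in (("weak", WEAK_RDAP, WEAK_ZONE), ("good", GOOD_RDAP, GOOD_ZONE)):
        print(name, audit(rdap, zone, TODAY) or "all checks passed")
```

Run on a schedule against fresh exports, a non-empty findings list is a prompt to fix the setting at the registrar or DNS host before it becomes an outage or a hijack.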
GURU Protect provide cyber security services for MSPs and IT Professionals to help keep their customers safe. Join our community to gain access to further resources, such as user training guides and more detailed information about keeping customers safe.