You need a domain champion, says Glenn Hayward, CEO at Com Laude, a corporate domain management company.
There’s no question that web domains are one of an organisation’s most valuable assets. They aren’t merely a web address; they are the representation of a brand’s online identity and are key to an organisation’s online presence – something which is felt more keenly than ever should they fail. And with the sharp spike in cyber security incidents in the last year and with ransomware activity on the rise, the threat to businesses is more real than ever.
Yet despite the importance of domains and the ever-growing need to protect them from cyber-attacks, they often don’t receive the care and attention they deserve. A cyber-attack can be felt across the entire organisation and sometimes to devastating effect, while failure to secure or renew domains can also lead to larger and longer-term problems such as persistent trademark infringement or cybersquatting. To combat these threats, organisations must have a robust domain strategy in place that ensures domain portfolios are optimised and locked down.
Why is domain management often neglected?
The fact that domains are deployed by so many different parts of an organisation can mean that once the domain name is registered and resolving, corporate amnesia can set in. For example, who is responsible for the management of each domain? Who can make changes to its technical settings? What approval processes are in place to ensure the portfolio keeps pace with the development of the business?
Often, domains reflect an organisation’s intellectual property, both registered and unregistered marks, so a company’s legal team may be engaged in the registration. Domains can also be deployed by marketing teams when new campaigns and products are launched. IT teams, the typical custodians, may also be in charge given their technical know-how, but responsibility can be further divided with security teams, who may want oversight of domain portfolios in order to mitigate common security risks, such as phishing attacks.
Either way, the loose categorisation of domain management means that the role and its responsibilities are susceptible to falling through the cracks. To avoid this, businesses would do well to have an in-house domain champion: someone who can not only ensure domains are fully looked after but also build stakeholder buy-in for a robust domain strategy. This helps to ensure domain portfolios are locked down and risks are minimised, avoiding the potential for disruption and unnecessary costs.
Here are a few tips for domain champions that should help protect their brands and combat cyber threats:
1. Implement regular domain audits
Regular domain audits are helpful in taking control of a company’s domain name estate. Much like a car MOT provides a vital health check, a domain audit covers key factors such as who owns each domain, how registrations are being deployed and which domains are key in terms of traffic and commerce. It may also identify excess registrations.
In many organisations, domains will have been registered by multiple departments from a myriad of locations, by individuals using several domain registrars. This fragmentation in managing a domain portfolio can lead to a loss of control – unintended domain lapses for example. These risks can be mitigated by the domain champion if they instruct a thorough audit of the company’s portfolio, followed by scheduled regular audits to ensure the domain name portfolio continues to be secure and fit for purpose.
2. Put in place an effective encryption strategy
Encryption is one of the most powerful tools in the data security arsenal. Today, encryption methods such as SSL or TLS are essential for all domain names that resolve to sites holding confidential data. However, according to Google, 21% of the browsing traffic in Chrome has not adopted such measures, leaving it open to attack. As well as implementing an up-to-date encryption protocol, the domain champion should ensure the business is on top of regular encryption certificate renewals. Until recently, organisations could buy certificates that lasted up to three years and were only required to authenticate credentials once during this time. Nowadays, certificates are issued more regularly, meaning the domain name holder needs to authenticate them more frequently. Failure to do so can lead to downtime and a loss of site visitor confidence, ultimately damaging the brand.
3. Create a formalised certificate management process
To best manage the certificate process, the domain champion should establish and oversee a formalised certificate management procedure. Many businesses have an unstructured approach to buying certificates, with individuals from different teams buying them on an ad-hoc basis. This can lead to unnecessary costs and missed renewals through a lack of continuity. To highlight the importance of having a formalised certificate management process, it’s worth bearing in mind that an organisation with 50 SSL certificates can carry an estimated management burden per annum of up to 225 hours if there are no processes in place. That is more than a month of time wasted per year.
4. Protect domains with domain registry locks
To protect the business against domain hijacking, key domain names should be protected by domain locks. More and more domain registry operators offer a robust domain lock solution called Registry Lock, which ensures only authorised staff are able to make changes to DNS settings via a multi-factor authentication process.
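A minimal audit pass covering tips 1, 3 and 4, as an added example that is not from the article or from Com Laude: it flags domains with no owner, registrations and certificates close to expiry, and key domains without a registry lock. The inventory, field names and thresholds are constructed, and it assumes a registry lock shows up as the server-side EPP statuses in a domain's WHOIS/RDAP record.

```python
from collections import Counter
from datetime import date

# Server-side EPP statuses (RFC 5731). Assumption: this is how a registry
# lock appears in a domain's WHOIS/RDAP record.
LOCK_STATUSES = {"serverUpdateProhibited", "serverTransferProhibited",
                 "serverDeleteProhibited"}

# Constructed inventory: every owner, registrar and date below is made up.
INVENTORY = [
    {"domain": "example.com", "owner": "IT", "registrar": "Registrar A",
     "key": True, "expires": date(2026, 3, 1),
     "cert_expires": date(2025, 7, 10),
     "statuses": {"clientTransferProhibited"}},
    {"domain": "example.net", "owner": "", "registrar": "Registrar B",
     "key": False, "expires": date(2025, 7, 15),
     "cert_expires": None, "statuses": set()},
    {"domain": "example.org", "owner": "Legal", "registrar": "Registrar A",
     "key": True, "expires": date(2027, 1, 1),
     "cert_expires": date(2026, 1, 1),
     "statuses": LOCK_STATUSES | {"clientTransferProhibited"}},
]

def audit(inventory, today, domain_days=60, cert_days=30):
    """Return {domain: [findings]} for one audit run on the given date."""
    report = {}
    for d in inventory:
        findings = []
        if not d["owner"]:
            findings.append("no-owner")
        if (d["expires"] - today).days <= domain_days:
            findings.append("domain-lapsing")
        cert = d["cert_expires"]
        if cert is not None and (cert - today).days <= cert_days:
            findings.append("cert-expiring")
        # Key domains must carry all three server-side lock statuses.
        if d["key"] and not LOCK_STATUSES <= d["statuses"]:
            findings.append("no-registry-lock")
        if findings:
            report[d["domain"]] = findings
    return report

def registrar_spread(inventory):
    """Count domains per registrar to show how fragmented the portfolio is."""
    return Counter(d["registrar"] for d in inventory)

if __name__ == "__main__":
    for domain, findings in audit(INVENTORY, date(2025, 6, 20)).items():
        print(domain, ", ".join(findings))
    print(dict(registrar_spread(INVENTORY)))
```

In a real audit the inventory would be built from registrar exports and certificate records rather than typed in by hand.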
5. Work with a trusted DNS partner
Together with assuming responsibility for the management of a domain name portfolio and the associated SSL certificates, the domain champion should also ensure regular DNS traffic query analysis takes place – for example highlighting high-traffic domain names which may need enhanced security management.
A DNS health check includes testing the performance of the DNS infrastructure provider. Working with enterprise providers such as Com Laude and their partner NS1 will ensure critical domain names are supported on the quickest and most secure networks. With cyber-attacks on the rise, businesses need a robust domain security strategy which factors in the most resilient DNS to maximise availability of their sites.