Information Centre

As businesses increasingly turn to the online world for commerce, a domain name and its associated website are far more than just online brochures in many cases. Some businesses would lose thousands, even millions of dollars a day should their domain name become compromised. Even given this importance, domain name security is an issue too often overlooked.

What are the threats?

The most common security threat in relation to domain names is someone accessing the account and pointing the site elsewhere - or even attempting to transfer the name to another party. While these incidences can be easily rectified, even a day or two of domain name related problems can seriously tarnish a business, seriously disrupt communications and heavily impact its bottom line.

Keeping your account secure

People often use common passwords or very short passwords to protect their accounts that can be easy to guess - for example, some continue to use the word "password" - this is a security nightmare that happens all too often. The longer and more complex you make a password, the harder it is to crack and the more secure it is. By introducing numbers and a mix of lower and upper case characters, it becomes even harder to compromise and offers a far greater level of protection. This doesn't mean to say you need a password that you can't remember; you can use one that forms a non-language word that is pronounceable; for example: Bogaloy4u2.

Controlling access

Within an organisation, sometimes passwords can be passed between staff members - another big security threat. You should only provide your domain name account login details to those who really need to know and instruct them that it is highly confidential information not to be shared with anyone else for any reason. It's important to keep track of who has those details and if a staff member entrusted with your login information leaves your employ, immediately change the password. There should also be strict guidelines on how passwords are stored

Administrative email accounts

The email address associated with the administrative contact for your account should be not be a general or catch-all email address such as [email protected] that in most businesses is accessed by numerous employees. As you have the facility through your account with us to create numerous email addresses, we strongly recommend the email address noted as the administrative contact on your domain name record be one that is accessed only by the principal of your organisation. To update the administrative contact email address for your domain name, simply log into your account. 

Keeping registrant contact details up to date

If something should go wrong, you need to be able to access your account quickly. If you have forgotten your password and you have an outdated email address listed, you will not receive your password reminder. Additionally, if someone in your company registered the domain on your behalf and leaves your employ; you may need to provide additional identification for security purposes to gain access again. This is all time consuming and time is a luxury you don't have in a situation where your account is compromised.

Monitoring changes

In order to better protect your domain name, you should check the registrant record regularly - it's easy to do so using a domain name WhoIs service. Take special note of the "last modified" date, which can indicate whether someone else has accessed the account and made changes since your last login - an issue worth investigating.

Keep your computer secure

If you keep your domain password on your computer (and we're not suggesting you do); ensure you have control over who accesses the computer, that you have an anti-virus program installed and you keep that protection updated. It's also wise to use a password storage application that has strong encryption.

Verifying communications

Ensure that an email purporting to have been sent by your registrar actually has been. Be very wary of any links in an email that do not point to your registrar's web site. Hover over links in emails to determine where they point to - and examine that address closely. If in doubt, contact your registrar directly to confirm the communication is legitimate.

While bearing in mind domain name security issues may seem like an extra burden in your already very busy business; as the old saying goes, an ounce of prevention (and in this case, protection) is better than a pound of cure.

Other information security tips

Your business is more than just your domain name - Pick up some more information security tips to help protect your business.