The Importance of Strong Domain Security to Brand Value | Enterprise Security
Building and sustaining a brand has gotten more challenging. The global marketplace, empowered by the Internet, has delivered a raft of opportunities to businesses, but it also has opened the door for challenges. These challenges include increased competition as the result of a wider market, and increased possibilities for brand abuse.
Added to that mix is the ever-present cyberthreat. Marketing teams, legal, IT and the C-suite have their work cut out for them.
Taking a step back, the fundamental starting point for any brand is choosing and registering the right domain names. These memorable names set the scene for the business and are the foundation on which brand identity is based.
Because the domain name forms a critical part of the organization’s overall business strategy, it needs to be safeguarded. Without it, or if it is compromised, the brand could flounder — especially once a business has been operating for years and has become well recognized.
The Ever-Expanding Scope of Brand Protection
Keeping the domain safe is a core element of an online brand protection strategy that addresses wider brand abuse, infringement, piracy and counterfeiting. In recent years, brand protection has expanded to include aspects of cybersecurity.
With the increasing sophistication of cybercriminals and the prevalence of attacks, the lines between brand protection and cybersecurity have blurred. Ideally, businesses should create an integrated cybersecurity and brand protection strategy, because both are designed to mitigate risk and safeguard the company from loss of customer trust, damage to reputation, and a negative impact on the bottom line due to lost sales.
The challenge of looking after domains often is exacerbated by the fact that brands typically own a number of domain names, and the management of this portfolio isn’t always centralized. Different departments, brands and offices register their own domains, and there is no consolidated list of names, information on where they are being used, or renewal details.
Add to that the fact that single departments or individuals very often are tasked with keeping track of these domains, which is time consuming and can be problematic if a key person leaves the business. Without a proper handover, renewal notices could go to defunct email boxes and core domains could lapse.
The DNS Threat
In addition to threats to the brand itself, domains present a target to cybercriminals on a broader level. Attacks on the domain name system (DNS) have become more prevalent. Attacks carried out against domain name registration accounts and the hijacking of DNS records present a severe threat to brands. They can be disruptive and harmful to businesses because they result in redirected traffic, which means lost revenue for the brand as well as damaged customer trust.
Internet Corporation for Assigned Names and Numbers (ICANN) highlighted the seriousness of this issue when it released a warning earlier this year of an ongoing and significant risk to key parts of the domain name system infrastructure.
What can brands do to ensure they have their bases covered?
Domain Management and Security
Today’s modern business faces something of a dual challenge — leveraging the power and reach of the Internet to raise awareness of a brand, product or solution, while keeping online assets safe. It begins with the domain; first, deciding where to register the brand, in which territories, how to secure the domain, and how to maximize online presence.
Brands need to balance the desire to register every possible variant of their name with registering the core names that are business-critical. Registering, securing and managing all variations is costly, time-intensive, and unsustainable in the long term.
However, failing to register the right domains could lead to unscrupulous third parties registering them to spoof the legitimate brand’s website. In this way they could redirect Web traffic, steal customer information, sell counterfeit goods trading on the brand’s name, and carry out online fraud.
This becomes especially complicated considering that by mid-2018 there were more than 339 million registered domain names.
A comprehensive domain strategy covers all these elements, looking at the entire protection lifecycle — from registration and management to securing and optimizing the domain portfolio. When it comes to mitigating the risk at the DNS level, there are a number of things to consider.
Best Practices for Mitigating Risk
Time is a critical factor when it comes to attacks on the DNS. Identifying an attack is just the first step in the process. Once this has happened, it can take anywhere from minutes to days to reset the servers in the DNS system in order to update them with the correct information.
This impacts a brand’s ability to do business, which is why choosing the right registrar is important. It’s not an issue of selecting a registrar based on price but rather security.
1. Security First: Choose the Right Registrar
Corporate registrars are a safer bet because of the hardened security measures they have in place compared to retail registrars. Typically they offer specialized security features for preventing, detecting, and responding to attacks against any domains.
Choosing a secure registrar means selecting one that uses a portal to ensure ongoing security checks and searches for code vulnerabilities much like an IT security team does for a website. Registrars must keep up-to-date with changes in the threat landscape as a standard practice in order to understand new exploits and vulnerabilities. They also should demonstrate strong internal security controls and best practices, including the following:
- Verifying portal account access via two-factor authentication
- Restricting access to a portal via IP address
- Sending notifications on any name changes
- Avoiding automated emails as a primary means of communication
- Keeping activity logs to track all domain name updates
- Maintaining strong password management to force password changes
- Offering multiple levels of access
The domain landscape isn’t static and has been influenced heavily by the emergence of generic top level domains (gTLDs), legislation and political upheaval. A corporate registrar can help brands deal with these issues and advise on the impact they will have on the business and how best to manage them.
2. Bring Everything Together: Centralize the Domain Portfolio
As businesses have many domains to keep track of and secure, it makes sense to have an overall view of all of them across all offices, brands and locations.
This should include all information related to where they are registered, how they are used, and when they are due to be renewed.
3. Watch What’s Important: Monitor Critical Domains
Keep an eye on critical domains because they are vital to the health of the business.
Monitor for unauthorized DNS updates, changes to website content, and DNS cache poisoning. The quicker issues are identified, the quicker they can be remediated.
4. Lock It Up Tight: Domains, Registrars, Registries
Locking domains means that they can’t be transferred. Once registered, domains should be configured and then locked. This can be taken a step further and brands can implement registrar locking. This is an added security measure that freezes all configurations until the registrar unlocks them — and it can unlock them only after completing a series of security exercises.
The brand controls the level of complexity associated with its specific protocol, and domains are made available for updating through a portal, only after security protocols are accurately completed.
This added dimension of security is vital for mission-critical domains such as transactional sites, email systems, intranets and site-supporting applications.
In addition, brands can insist on registry locking. Registry or premium locking makes the domain unavailable for any updates at all. This method of locking is currently available for .com, .net and several country code top level domain (ccTLD) registrations.
A Holistic Approach
The domain landscape will continue to change, bringing with it both opportunities and challenges. In order for businesses to thrive in this shifting environment, they should focus on domain management and security, preferably as part of a wider, more comprehensive brand protection strategy that incorporates dealing with brand abuse, infringement and cyberthreats such as malware, phishing and fraud.
Looking at domains specifically, this management strategy can help secure the domain portfolio and ensure that it performs as it should. Key to this process is working with the right registrar, one that focuses on corporate clients, has security measures in place to mitigate threats, and helps the brand keep its domain portfolio safe.