The management of corporate risk in domain names looks at all of the methods that a company uses to minimise downtime, unauthorised access and ultimately financial loss and embarrassment.
Risk managers, IT Managers, Marketing managers, Counsels and Systems Admins should collaborate to implement practices to prevent risk exposure through internal controls of people, technologies and through partners such as corporate domain name management providers. Risk management in domain names is critical to preventing loss, so this article looks at the some of the common risk in domain names.
No Defined home for domain name management function
For many organisations the function of managing domain names is spread over a number of areas and people within the business. This often leads to a lack of accountability and when things to go wrong, finger pointing. A lack of centralised control of domain names is usually synonymous with a lack of policy that governs how domain names should be managed and what to do in an event of a domain name issue.
Business Threats:
- Missed domain name renewal – key web properties go down.
- Inefficient business functions often leading to duplication of effort, or no effort at all.
- Poor risk controls – if no one is looking after domain name and related security matters it increases the risk of a domain name or DNS related attacks.
Mitigation Tips:
- Define the team and role responsible for the domain name management function.
- Develop policy that defines how to manage domain names and DNS.
- Leverage a corporate domain name management service to conduct the heavy lifting.
Under-resourced, stretched or inexperienced domain name resource
In some companies, domain names are the responsibility of one specific resource with the organisation who will also carry many other responsibilities, on top of ensuring that the business critical domain names to not expire or fall the victim to typo DNS errors or attacks. This resource is usually stretched and can only pay attention to domain names when needed. In other cases, domain names are put under the responsibility of a relatively fresh resource (intern etc) who doesn’t truly understand the mechanics of domain names, threats and correct processes.
Business Threats:
- Missed domain name renewal – key web properties go down.
- A lack of structured succession planning – often these resources move on and the function is dumped on a new resource who just needs to figure it out.
- Resource burnout – managing domain name is actually a stressful function. There is no credit given if everything goes well, yet can cost the resource their job if a domain name accidentally expires.
Mitigation Tips:
- Use trusted, senior resources with the bandwidth to give this function the careful attention that it needs.
- Leverage a corporate domain name management service to conduct the heavy lifting.
- Develop policy that defines how to manage domain names and DNS.
- Use hierarchical approval processes to ensure domain name updates are error free.
Domain name accounts with multiple providers
Using multiple domain name Registrars greatly increases the risk of something going wrong. You need to deal with multiple organisations, pay multiple invoices and keep track of tickets for multiple Registrars.
Often budget domain name Registrars will simply put you in a queue with the thousand other customers looking for help and they don’t discern between priority jobs and run of the mill operations, in fact if there is a problem you can at times be left looking for answers, as your requests for assistance will often end up in the too hard pile.
Using multiple Registrars changing the risk profile of your domain name management function as different Registrars have differing standard of security protocols (2 factor authentication, SSO, IP restriction, hierarchical approval processes etc).
Business Threats:
- Missed domain name renewal – key web properties go down.
- Inefficient time management, re: dealing with multiple Registrar.
- Increased risk exposure of attack due to differing risk mitigation technology and processes between Registrars.
Mitigation Tips:
- Consolidate domain names to one master account.
Allowing partners or suppliers to register domain names on your behalf
One of the more common reason domain names expire is because they were registered by partners and not consolidated. Often brands form partnership with marketing agencies who will register domains at concept phase and when the contract or relationship ends, the relevant domain names are not transferred and expire. This is the top reason in our experience why corporate domain names expire and can be easily mitigated with good domain name policies and ensuring that domain names can only be registered in on centralised account.
Business Threats:
- Missed domain name renewal – key web properties go down.
- No control over domain name settings – DNS, SSL etc.
- No control over security standards of the domain name.
Mitigation Tips:
- Have clear domain name management policies around this issue and ensure staff are regularly reminded.
- Ensure all domain names are consolidated into one account.
- Conduct periodic audits of domain name registrations outside your central account and transfer any outliers.
Poor domain name security practices
Domain name security should be one of the most important investments a company makes. It is relatively affordable and often comes as standard with corporate focussed Registrars. This can include IP access restrictions, domain and registrar-level security locks, account activity logs, user control permissions, approval workflows, 2Factor Authentication, SSO and DNS redundancy. Websites such as the New York Times and even The Whitehouse have fallen victim to hackers who exploited lax domain name security measures.
Business Threats:
- Domain Hijacking – domain name goes down or is redirected.
- Business fraud – customers or suppliers are targeted by cybercriminals.
Mitigation Tips:
- Engage a corporate domain name management company with a strong focus on security.
- Ensure core domain name have both Registry and Registrar locks on them.
- Develop a strong domain name policy that includes approval processes for DNS edits.
DNS entry or edit errors
It just takes one typographical error to bring down an entire online operation. Adding or entering DNS records is a detail orientated task that you should only trust with detail-orientated operators. The reason websites often go down is because of DNS errors, poor alerts followed by poor TTL practices.
Business Threats:
- Downtime ranging from complete operational blackout to application interruption.
- Restricted customer services.
Mitigation Tips:
- Restrict DNS access only to trusted employees.
- Use DNS approval process to QA changes.
- If in doubt ask your domain name management provider to assist.
Missed Renewal notice or invoice payment
Another common reason domain names expire is using retail domain name Registrars where each domain names needs to be paid with a credit card or by invoice. There are so many risks associated with the laborious job. Firstly, the domain name manager in your company needs to be completely all over where your domain names are, and then secondly have implemented water tight processes to ensure all of the domain names are renewed on time. This is not to mention that this person stays in the role for the foreseeable future. The reality is that you need sustained perfect condition to make this work, so most corporates use a domain management service to ensure that their valuable domain name assets renew on time.
Business Threats:
- Prone to human error.
- Missed domain name renewal – key web properties go down.
- Inefficiency creating and managing an internal domain name management process.
- Poor succession success likelihood.
Mitigation Tips:
- Consolidate all domain names to a corporate domain name management provider.
- Opt for quarterly invoicing and set reminders in your diary.
- Set auto-renew to all domain names.
Corporate risk in domain names can have catastrophic impact on a business, not to mention careers so it’s important to ensure that a business has the right people, processes, policy, technology and partners to mitigate damage to your brand.
About brandsec
Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.