Domain names give your intellectual property visibility, as well as provide function for your company’s infrastructure. Vital domain names are simply too important to be left exposed. To protect them, you can add extra layers of security to your digital brand with easy, secure, server-level protection in addition to multi-level locks that combat domain name system (DNS) hijacking and protect against unauthorized changes and deletions to your critical domain names.
DNS hijacking is when a bad actor can divert company customers to a fake website to steal login credentials and confidential data. This poses a threat as not only a serious data breach, but a privacy nightmare, especially in light of more stringent government privacy policies, like the EU’s General Data Protection Regulation (GDRP). Information can also be harvested from inbound company emails, then used to launch sophisticated phishing attacks on customers and employees using a company’s own domains to make the phish appear legitimate. This scenario is a major business continuity risk.
Three reasons it’s essential to review your domain lock portfolio regularly
- Your domain portfolio is constantly changing with the launch of new brands, the retirement of old ones, developing operations in new markets, as well as buying and selling businesses. Therefore, you need to both understand what your business-critical domains are at any given time, and ensure they’re secured properly—including implementing domain locks.
- At the same time, the domain registries are constantly updating their offering and processes, and as new domain extensions become available for locks, it’s important to ensure you’re taking advantage of them.
- DNS hijacking is a constant threat, but it can be mitigated. Registry locks are the most effective preventive measure that should be put in place.
At CSC, we combine the aforementioned locks with an additional mechanism not shown in the WHOIS to protect any THIN WHOIS details held with us as the registrar to offer our MultiLock service. Specifically, we don’t allow any changes through our Domain Manager if MultiLock is enabled, and this is achieved by cutting off automated access to the WHOIS database we manage. This ensures that every step of the chain requires manual validation, meaning the request will be validated by two separate checkpoints—between the client and registrar, and then between the registrar and registry. This approach means that regardless of a THICK or THIN registry, your business-critical domains are protected from the risks of domain hijacking, DNS hijacking, and malicious deletions.
The locks provide the following protections:
- Delete prohibited
Ensures a domain name cannot be deleted or lapsed without the proper authorizations.
- Transfer prohibited
Rejects unauthorized transfers.
- Update prohibited
Blocks WHOIS modifications, including name server re-delegations, without multi-level consent.
None of these locks affect CSC’s ability to auto-renew domain names.