by special guest author Statton Hammock, Principal of ASHnet Legal Services, PLLC
The most important marketing, communication, and donation tool that a non-profit organization possesses is its website. Despite use of social media platforms and other mobile applications to create an online presence, an organization’s portfolio of domain names remains the single most important toolset to attract donors, volunteers, and non-profit partners to an organization’s website. As a result, it is crucial for every non-profit to secure these valuable assets from inadvertent deletion, unauthorized transfer, or disruption. In this first of two articles on how to protect and secure domain names we outline the important steps non-profit managers should follow to prevent disruption to an organization’s online presence:
Limit Access to Domain Account. Many non-profits operate with a small staff which often means that, because of operational efficiency, every staff member has access to every business account. Permitting access to an organization’s domain name account, however, greatly increases the risk that a staff member may inadvertently delete a domain, transfer a domain, change the DNS, or create a new credential that can disrupt the functionality of the domain name resulting in suspension of the organization’s website. An organization should designate a single person to be the manager of its domain portfolio and its registrar account—a person solely authorized to make changes such as adding or deleting domain name registrations.
Enable “Auto-Renew” Feature. Domain names are usually registered for a one-year term and renewed annually on their creation dates. To preserve the lifecycle of an organization’s domain name and prevent inadvertent expiration and deletion, non-profits should enable the “auto-renew” feature in the account manager portal for their most important domain names. With the “auto-renew” option selected, the domain name registrar will automatically renew the domain name just prior to its expiration date. This will ensure the domain name does not delete and continues to direct Internet users to the organization’s website.
Watch Out for Domain Homographs. A domain name “homograph” is a domain name that, at first glance, looks like an organization’s legitimate domain name but is comprised of lookalike letters or numbers with characters from Latin, Greek, or Cyrillic script tables—think, for example “cαt.cσm” instead of “cat.com.” Phishers use these homographs to create fake email addresses for sending emails to employees or donors with the intent of defrauding the recipient or distributing malware. To protect an organization from phishing, pharming, botnets, and other forms of DNS abuse, it’s critical for an organization to educate its staff to pay close attention to email address lines with odd characters that appear with email messages that seem peculiar.
Acquire an SSL Certificate. A SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the web server using SSL technology. For a domain name used for a non-profit’s main website, an SSL certificate will ensure that confidential or sensitive information (such as donor contact information or bank account information) shared between the Internet user and the non-profit’s website server is encrypted and not vulnerable to hacking.
Consolidate Domain Name Portfolios. If a non-profit has been operating for many years, it may have domain names registered with more than one registrar. Having multiple domain name accounts spread across different registrars increases security risks and makes it harder to manage registration and expiration dates. Other perceived advantages of using multiple registrars often don’t play out so it’s best to consolidate an organization’s domain name with a single trusted domain name registrar.
Leverage Your Customer Service Representative. Most large retail or corporate domain name registrars have knowledgeable customer service and technical support teams that can advise their non-profit registrants regarding new security features being offered by the registrar, a registry, or by other services providers in the domain industry.
Non-profit organizations rely heavily on their online presence to engage with their target audiences whether they be volunteers, donors, or other non-profit partners. Compared to other valuable intellectual property assets like trademarks and copyrights, domain names are easy and relatively inexpensive to acquire. However, that does not make them any less valuable and so must be protected. The simple measures shared here can help non-profit organizations preserve and protect their domain name portfolios and ensure that their organization’s website remains functional.
ABOUT THE AUTHOR
Statton Hammock is a recognized expert in Internet-related law, policy, and brand protection. Statton advocates for regulations, procedures, and industry best practices that promote the security, trust, and safety of the Internet and use of online platforms. Statton has worked with the world’s most recognized brands and non-profit organizations to develop and protect their intellectual property rights online and enhance their digital presence.