by special guest author Statton Hammock, Principal of ASHnet Legal Services, PLLC
As shared in our first article on domain name security, a website is the most important online marketing, communication, and donations tool that a non-profit organization possesses. Therefore, it is crucial for an organization to protect its portfolio of domain names from hackers, hijackers, phishers, and malware distributors. In this second article on securing domain names, we suggest the following additional measures to protect your domain names from threats from outside third parties:
Enable Two-Factor Authentication. Almost every domain name registrar offers this added security feature, which makes it difficult for a hacker to access an organization’s domain account and hijack valuable domain names. Two-factor authentication (2FA) requires a user to provide a second piece of information in order to gain access to the account (for example, a password plus a phone number, or an email address plus a specially generated code). 2FA is relatively easy to set up within a registrar portal and ensures that no one can gain unauthorized access to the registration account and transfer your valuable domain names to another registrar or alter other account information.
Use a DDoS Mitigation Service. A distributed denial of service (“DDoS”) attack occurs when someone attempts to bring down an organization’s website by flooding the DNS server with so much user traffic that the server cannot handle the volume and crashes, paralyzing the operation of the website. A DDoS attack can have a tremendous adverse impact on the ability of a non-profit to solicit or receive online donations or send important communications to constituents (consider, for example, the adverse impact of a DDoS attack on a relief agency during a natural disaster or other crisis). Many registrars offer DDoS mitigation services, but an organization can also purchase DDoS mitigation from many third-party vendors. These services deploy firewalls that either filter out, or reroute, malicious traffic to other servers to prevent website slowdown or non-performance.
Add Registrar and Registry Locks. Most domain name registrars offer an additional “lock” at both the registrar and the TLD registry level to prevent the unauthorized modification, transfer, or deletion of a domain name. Most offerings require an authenticated contact person to answer a phone call or text and specifically consent to an action related to a domain name. With this security feature added, even if an organization’s domain account password is compromised and someone tries to modify, transfer, or delete a domain, the registrar and registry will block the transfer or deletion until the authenticated contact expressly, and specifically, confirms the action. Contact your registrar for further details.
Retain a Domain Watch Service. A domain name “watch” service is typically not offered by a domain name registrar but can be purchased through a brand protection company. A watch service provider will monitor daily domain name registrations occurring in the DNS and notify the organization when domain names similar to the non-profit’s domain names are registered. Watch service providers may also offer related services such as the transmission of cease-and-desist letters to trademark-infringing registrants or the filing of claims under ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP). The important point is to become aware of trademark-infringing domain names as soon as possible so that remedial action can be taken to prevent the potential diversion of donations or spread of misinformation about the non-profit organization’s mission and purposes.
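To confirm that the registrar and registry locks described above are actually in place, an organization can audit the status values its domains publish through RDAP. The sketch below is an added example, not part of the original article: the domain names and RDAP responses are constructed, the function names are hypothetical, and the status strings are the standard RDAP spellings of the EPP lock codes.

```python
import json

# Constructed RDAP domain responses (RFC 9083 shape), trimmed to the fields used.
SAMPLE_PORTFOLIO = json.loads("""
[
  {"ldhName": "example.org",
   "status": ["client delete prohibited", "client transfer prohibited",
              "client update prohibited", "server delete prohibited",
              "server transfer prohibited", "server update prohibited"]},
  {"ldhName": "donate.example", "status": ["client transfer prohibited"]},
  {"ldhName": "relief.example", "status": ["active", "pending transfer"]}
]
""")

# RDAP spellings of the EPP lock statuses (RFC 8056 mapping).
ACTIONS = ("delete", "transfer", "update")
REGISTRAR_LOCK = {f"client {a} prohibited" for a in ACTIONS}
REGISTRY_LOCK = {f"server {a} prohibited" for a in ACTIONS}
# Statuses that mean a change is already in flight and needs a human to look.
IN_FLIGHT = {"pending transfer", "pending delete", "redemption period"}

def audit_locks(rdap):
    """Report which lock statuses one RDAP domain object lacks."""
    present = {s.strip().lower() for s in rdap.get("status", [])}
    return {
        "domain": rdap.get("ldhName", "<unknown>"),
        "registrar_lock_missing": sorted(REGISTRAR_LOCK - present),
        "registry_lock_missing": sorted(REGISTRY_LOCK - present),
        "in_flight": sorted(IN_FLIGHT & present),
    }

def audit_portfolio(portfolio):
    """Return findings only for domains that are not fully locked or are mid-change."""
    findings = [audit_locks(d) for d in portfolio]
    return [f for f in findings
            if f["registrar_lock_missing"] or f["registry_lock_missing"] or f["in_flight"]]

if __name__ == "__main__":
    for finding in audit_portfolio(SAMPLE_PORTFOLIO):
        print(finding)
```

Run on a schedule against live RDAP responses for each domain in the portfolio, a non-empty result is the signal to call the registrar.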
Non-profit organizations, like their for-profit counterparts, heavily depend upon their domain name portfolios to establish their online presence and direct Internet users to important, trusted information about their organization. For non-profits, domain names are critical for supporting websites that enable supporters to donate funds to continue the organization’s vital mission. The additional measures explained above, along with the measures explained in the first blog article on domain security, can help non-profit organizations preserve and protect their domain name portfolios and ensure that the organization’s online presence is maintained.
ABOUT THE AUTHOR
Statton Hammock is a recognized expert in Internet-related law, policy, and brand protection. Statton advocates for regulations, procedures, and industry best practices that promote the security, trust, and safety of the Internet and use of online platforms. Statton has worked with the world’s most recognized brands and non-profit organizations to develop and protect their intellectual property rights online and enhance their digital presence.