Everything you need to know about domain hijacking

Every business owner knows the importance of a good domain, and anyone who’s tried to find one will know just how hard it can be. Early adopters have already grabbed many of the best domains, which means that they are now either in use or only for sale at premium prices.

The good news is that, with a bit of creativity, you can still come up with a great domain name and build it up to meaningful authority with the search engines. The bad news is that if you do, you will potentially make it a target for domain hijackers. Here’s what you need to know about them.

Domain hijackers generally exploit weaknesses

Cybercrime is very much like real-world crime. One of the similarities is that many of its perpetrators are, essentially, opportunists rather than skilled professionals. What this means in practical terms is that they are far more likely to probe for weaknesses that they can exploit than to crack open a site through their advanced technical skills.

This means that basic, common-sense security precautions can go a long way to protecting a site from their attacks.

The basics of protecting your domain

The first, and arguably most important, step in protecting your domain is to choose a good domain registrar with decent security features. In particular, you want one that supports two-factor authentication. If this needs to be turned on (as opposed to being on by default), which is currently often the case, then make sure that you do turn it on.

Currently, two-factor authentication tends to be by means of phone calls or text messages. Since most people have smartphones these days, you’ll want to make sure that any phone used for this is protected by a reputable antivirus/mobile-security app. Otherwise, you might find yourself falling victim to malware and/or SIMjacking.

Take password creation seriously. Two-factor authentication is not an excuse to use weak passwords or to keep recycling a password that is theoretically strong but that you use on every site on the internet.

Follow the usual guidance about creating strong passwords and exercise reasonable security precautions about entering them.

In particular, make sure that you have robust security software on any device from which you access your domain (including mobile devices), be very cautious about entering your password over public WiFi and make sure that nobody can see your screen or keyboard as you type, even if you only see placeholders instead of letters.

Remember the dangers of social engineering. Make sure that anyone who has legitimate access to your domain is kept well-informed of them and of the potential consequences of anyone gaining unauthorised access to what is likely to be one of your company’s most important assets. Your reputation will be on the line and your customers might start asking themselves why they should entrust you with their data if you are unable to keep your own domain secure. You may even be held legally liable for any ensuing damage.
