Cybele Negris is CEO & Co-Founder of Webnames.ca & WebnamesCorporate.com leaders in domain name registration, webhosting and online security
As a business leader, your brand and reputation are two of your most valuable assets. Businesses with strong reputations benefit from increased customer loyalty, which can translate into brand advocacy, the ability to attract top-tier employees and an overall perception of offering good value.
According to Harvard Business Review, having a good reputation also enables brands to charge a premium for their goods and services and can greatly affect a company’s market valuation. When it comes to mergers and acquisitions, brands with high customer satisfaction can command more than those with similar or better financials, but less satisfied customers.
First-rate reputations require clear values, intentionality, consistency, excellent customer service and time to build. After 20 years in the domain name management business, new client acquisition at my company is in large part driven by customer referral and brand advocacy these days. Our referred clients also have higher lifetime value than those acquired from search marketing, content marketing or paid advertising.
Here’s the thing, though: When it comes to your online presence, seemingly minor oversights can bring about catastrophic damage to brands and business reputations. Managing your brand’s reputation online can be complex and fast-moving, which is why it’s vital to control the variables that you can.
Through helming a domain management company, I’ve witnessed countless small businesses and household brands lose access to websites and email, have personally identifiable customer data stolen, see their traffic redirected to nefarious websites, struggle to counteract brand impersonation by fraudsters and have their domain names held for ransom by cybercriminals. In most cases, these situations can result in lasting damage to a brand.
Thankfully, the majority of these incidents are preventable with foresight and planning, in addition to the implementation of simple best practices. Let’s learn from their mistakes, shall we? Below are common domain-related vulnerabilities that can wreak havoc on small and large businesses alike, culminating in both revenue loss and reputational damage.
Missed Domain Name Renewals
I’ve seen this happen both to major companies and innumerable small businesses every year: A critical business domain name accidentally expires, which causes the business to take operations offline and impacts customers dependent on those services. Imagine thousands of clients unable to access their email, business marketing platform or banking information because an administrator’s contact information didn’t get updated, auto-renewal wasn’t turned on or the credit card on file expired. It’s the stuff of nightmares, yet it can be easily mitigated through internal policies and auto-renew and expiry protection.
Deliberate Domain Expiration
Then there’s the case of domain names that businesses intentionally decide to let lapse because they’re no longer using them or have rebranded. In my experience, if a domain was previously associated with a business website, possesses domain authority or receives residual traffic from prior years of use, it will catch the eye of scammers. Unfortunately, there’s no shortage of ways to nefariously use an expired domain name; they can be re-registered and used to create lookalike websites that harvest customer data, fake online stores or email addresses for phishing campaigns. The solution I recommend is to renew them indefinitely. While that might sound excessive, I’ve found this can be an inexpensive insurance policy to safeguard your security and reputation.
Shared Access To Registrar Accounts And DNS Settings
The more people who have access to core domain names and DNS settings, the greater the risk of something going wrong. Always operate by the principle of least privilege to reduce the risk of attackers gaining access to critical systems. While it’s possible that a disgruntled employee could redirect your DNS elsewhere, the bigger threat comes from providing bad actors more potential entry points for domain hijacking. Once they get a hold of your domain, they can do whatever they want with it, including taking it offline, redirecting to a clone site, spewing malware or extorting money. If multiple business units truly need access, establish hierarchical user roles and use unique logins to offset the risk, in addition to registrar and registry domain locks and multifactor authentication.
Poor Cybersecurity Awareness
When business domain names are compromised or hijacked, I’ve found it often occurs through phishing or social engineering. That’s why cybersecurity training for employees is critically important. While the most obvious phishing attempts can be easier to spot if there are misspelled words, an unfamiliar or oddly formatted domain name, bad grammar, etc., social engineering attacks can be harder to identify.
Cybercriminals who use social engineering attacks often impersonate an employee or senior manager in an organization or affiliated company. Or, they might even try to present themselves as a representative from your domain registrar, taking advantage of familiarity or authority to gain the target’s trust. Employees need training to recognize, avoid and report threats to reduce organizational cyber risk. If you don’t have professional cybersecurity awareness training in place, run — don’t walk — to make that happen.
No Proactive Brand and Domain Monitoring
Hundreds of thousands of domain names spoofing legitimate businesses and trusted brands are registered by cybercriminals every year and then used to phish employee login credentials, sell counterfeit products, redirect traffic and transmit malware. Using a domain name monitoring service to track registrations that use your trademarks, brands, product names, as well as variations and misspellings, can help identify brandjacking activity and potential threats to your organization before they can inflict damage and erode your brand. (Full disclosure: A number of companies, my own included, offer these services.)
Now that we’ve gone through the bad and the ugly, let’s end with the good. Most domain name threats are preventable if businesses enact basic domain management policies and procedures, invest in cybersecurity education and use affordable domain security tools to protect business-critical domains. The online world is always evolving and bad actors are continuously advancing their tactics to uncover and exploit new threat opportunities as they arise. Businesses and brands need to be proactive to protect their customers, revenue and reputations. After all, as the saying goes, your reputation becomes your reality.