Your organization's domain name is unique to your company. It maps to your IP address and is used to find your website and to address your employees’ emails.
A cyber criminal can impersonate or infiltrate your domain in order to trick someone into clicking on a malicious link (also known as phishing). The following are steps you can take to protect your domain name from malicious actors.
- Register your domain name with a reputable domain name registrar (if the registrar is hacked, you are at risk)
- Think of similar names that could be registered to fool someone (e.g., for StateFarm.com a similar name might be StateFarrn.com, which looks the same until you look very closely), then register those names and have them direct traffic to your actual site
- Maintain close control of admin access to your domain. Limit the number of people who have access and also implement two-factor authentication.
- Use DMARC (Domain-based Message Authentication, Reporting, and Conformance) to validate emails to limit email spoofing attempts
- Use DNSSEC (DNS Security Extensions) on your servers so that DNS responses for your domain can be verified as coming from the legitimate sender
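
The similar-name step above can be backed by a check, shown here as an added example that is not part of the original page: it classifies domains you have observed (for instance in mail logs) against the domain you protect. The confusable-character table, the function names and the sample domain list are constructed for illustration, and inputs are assumed to be in plain `name.tld` form.

```python
# Small constructed table of sequences that read alike at a glance; not exhaustive.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Fold the name part of a `name.tld` domain so look-alike spellings compare equal."""
    label = domain.lower().rstrip(".").split(".")[0].replace("-", "")
    for lookalike, canonical in CONFUSABLES:
        label = label.replace(lookalike, canonical)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, protected: str) -> str:
    """Return 'same', 'lookalike', 'near-miss' or 'unrelated' for one observed domain."""
    if candidate.lower().rstrip(".") == protected.lower().rstrip("."):
        return "same"
    c, p = skeleton(candidate), skeleton(protected)
    if c == p:
        return "lookalike"  # confusable spelling, or the same name under another TLD
    if edit_distance(c, p) == 1:
        return "near-miss"  # a single typo away from the protected name
    return "unrelated"


def triage(candidates, protected):
    """Classify every observed domain against the protected one."""
    return {d: classify(d, protected) for d in candidates}


if __name__ == "__main__":
    # Constructed sample of observed domains.
    seen = ["statefarm.com", "statefarrn.com", "state-farm.net",
            "statefarms.com", "example.org"]
    for domain, verdict in triage(seen, "statefarm.com").items():
        print(f"{domain:18} {verdict}")
```

Domains reported as `lookalike` or `near-miss` are the ones to consider registering yourself or reporting to the registrar.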