Hey there small business owner reader who hired someone to build your website and who also purchased your domain name for you. Have you thought about what could go wrong if something happened to the person who registered your domain name?
Your domain name is an important digital business asset you own. Firstly, it’s what allows people to access your website. Secondly, it’s what allows your current customers, prospects, and employees to communicate with you over email. If you lost control of your domain name, you’ve lost your website and email.
This loss of control is the risk you’re introducing into your business when someone says they’ll purchase your domain name for you and manage it.
Here are some of the risks:
- Misconfigured domain name registration allows a bad actor to phish the person managing it. If they used GoDaddy, Namecheap, HostGator, or the other myriad of domain name registrars to purchase the domain name, the phishing attempt is to gain control over this account. If the attempt is successful, they could delete the domain name and your business would cease to exist online. They could also make a malware laden clone of your website and point it to your domain name. When someone visits this clone website, their devices get infected.
- Domain slamming scams. The end goal of domain slamming is when an unscrupulous domain name registrar attempts to illegally transfer the domain name from the current registrar to their system. At “best” the victim will pay inflated prices, at worst, the outcome of the first bullet point can happen. These scams are either sent via snail mail or email.
- They forget to renew your registration. If the person managing your domain name doesn’t renew it, your website/email is inaccessible. Where things go seriously wrong is if your domain name isn’t renewed in time and someone else buys it.
- The person who bought your domain name “gets hit by a bus” or their business folds suddenly. The consequences are the same as the point above. At this point, once the domain name expires, you have to hope that you’re able to re-register it before someone else does.
What you should do:
- If you haven’t launched your business yet, buy the domain name yourself so you have complete control over it.
- If your domain name was bought by someone who is managing it for you, have them transfer it over to you.
- If you would rather have someone manage some of the domain name stuff, buy the domain yourself and delegate access to them. Make sure that they’re using 2FA/MFA. Also make sure that you give them the least amount of access to what they can/can’t manage on the domain name.
It’s better to take on the risks of owning your domain name because you have full control it. By doing, if something does happen, you’ll be able to take care of the situation relatively quickly by cutting out the third party.
You may have a valid reason for a third party to purchase and manage your domain name. If that’s the case, make sure they delegate access to you so that you are able to carry out some of the administrative functions. If that’s not possible, you must accept the risks we mentioned in this article and plan how you’ll handle any incidents.
We hope this gives you some insight. If you found this helpful, sign up for our free cybersecurity and intelligence newsletter. You’ll get tips, tricks, tools, news, and goings on/services you might find interesting or useful. If you’re looking for help for your business, reach out by the contact form below and let’s talk.