It is nearly impossible to succeed in business today without establishing an online presence. Having an easy-to-use domain name that is associated with the organization, for example, where the company’s name or major product is the domain name, is an important part of corporate brand promotion strategy. Without proper counsel, organizations can spend a great deal of time and effort obtaining the domain names that are most tied to their brand identity.
Why Every Organization Requires Domain Portfolio Management
Organizations with international operations face added challenges because they frequently have a large portfolio of domain names including generic domain names, country-specific domain names, and even internationalized domain names. Managing these portfolios can be as intensive a task as managing other features of the business, like intellectual property portfolios.
Domain name portfolio management can actually be more difficult than traditional IP portfolio management because the laws and regulations related to domain names traditionally change more frequently than IP laws and regulations. In addition, the registration of domain names is overseen by a variety of organizations worldwide, each of which has its own policies and procedures.
This article will provide a brief overview of the lifecycle of a domain name within an organization, from acquisition to enforcement.
Domain Name Types
In building a domain portfolio management strategy, a company must have some familiarity with the types of domain names available:
- Generic top level domains (gTLD): gTLDs are the URL endings people most commonly recognize, for example, .com, .org., .biz, and more recently .mobi, .jobs, .travel, etc.
- Country code top level domains (ccTLD): ccTLDs refer to specific countries, e.g., .us, .fr, .uk, .jp, .cn
- Internationalized domain names (IDN): IDNs are domain names written in local languages or scripts, such as Chinese, Arabic, or Cyrillic.
Managing the Domain Name Lifecycle
The corporate lifecycle for a domain name can be broadly divided into four stages: Acquisition, Security, Management and Enforcement. While all of these stages can be managed internally, it is often beneficial to bring in outside experts, particularly when the business has little experience in domain name acquisition and management.
Managing a portfolio first requires building the portfolio. But building the portfolio is more than simply registering a large group of domain names. Before considering how to acquire a set of domain names for your business, it is important for you to develop a comprehensive strategy regarding domain name acquisition.
Your business must then determine which of its needs are being met by registering domain names in order to properly allocate resources to portfolio acquisition and management. Without a clear strategy, a company can overspend on domain names by registering far too many domain names (including names with little impact on the business) or fail to identify domain names that a company should acquire.
A company’s domain name strategy must be tied closely to your company’s brand management strategy and should consider issues such as the geographic reach of the organization, language needs of the target market(s), brand name abuse prevention, and trustworthiness of the domain endings.
Companies should also proactively consider names they may use in the future. An availability report analysis will help determine whether it is sufficient to just register the .com for an organization (unlikely), or whether the organization needs a broad set of gTLDs, ccTLDs, and IDNs.
Frequently domain name acquisition is more complicated than simply registering the desired name. It is not unusual for a domain name to be owned by someone else, whether an owner who is actively using the name or someone who only registered the name in order to sell it at an inflated price. Acquiring pre-owned domains can be complicated, and it is often helpful to rely on experienced and knowledgeable negotiators.
While security could be considered part of ongoing portfolio management, it really deserves its own category because the loss of a domain can lead to significant reputational damage. An organization’s most valuable domains should subsequently be given the highest level of protection to prevent domain hijacking, cybersquatting, and typosquatting (something we have all seen in action when we mistakenly typed in a URL).
Portfolio security requires a similar approach using a comprehensive strategy that applies across all aspects of the portfolio.
The organization’s designed domain admin should always be internal and provide organizational access in case they leave the company. They should use strong passwords and two-factor authentication. According to Cloud Defense, application security is most easily accomplished on a single platform that can categorize identified vulnerabilities and security gaps based on different risk factors.
The Domain Admin Playbook
Your guide to a successful domain portfolio strategy that maximizes the value of your digital assets.
Effectively defending against DNS attacks requires a comprehensive cybersecurity strategy. Organizations should ensure that their domains are registered for as long as possible in order to prevent cybersquatting. Signing up for automatic registration renewal also helps protect domains.
DNS hijacking is also increasingly an issue for domain owners. In a DNS hijacking attack, the cybercriminal effectively changes an organization’s underlying IP address so that it points to the criminal’s servers. The result is similar to what happens with typosquatting – a user is redirected to a fake website, resulting in damaged relationships and damage to the organization’s reputation. Valuable domains should be locked at the registry level to prevent unauthorized changes of ownership or alterations of the domain name.
Portfolio Monitoring and Enforcement
Domain portfolios require active management. An organization cannot just simply register the domain and walk away. In fact, policing is one of the most overlooked aspects of running an online business.
There are many tasks you must complete after purchasing a domain, and these include reviewing, consolidating, and expanding the portfolio as necessitated by your business plan, as well as ensuring that proper policies exist for who can access and manage the portfolio and the extent of their roles.
Once an organization has established a domain portfolio, it must actively monitor for attempts to misappropriate or misuse any portion of the portfolio. Because many organizations do not have the experience to know what they should be looking for, or the capacity to effectively implement a monitoring program, monitoring duties are frequently outsourced.
To protect an organization’s trademarks from misuse by cybersquatters, organizations may consider the use of Domains Protected Marks List (DPML) subscriptions. DPML solutions allow an organization to block a protected mark across multiple top-level domains supported by a particular registry.
While cybersquatting is an obvious concern, typosquatting is increasingly becoming a problem as well. By registering domains with slight variations to an organization’s primary domain, a typosquatter can divert a business’s customers to fake websites, potentially damaging customer relationships and goodwill, as well as the organization’s reputation.
Organizations must be ready to aggressively defend their marks and their domains. Once an issue is identified, the organization must assess appropriate enforcement actions, whether it be litigation or recourse to ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP) or the Uniform Rapid Suspension System (URS). It is important that organizations familiarize themselves with their options, how each works, and the likely costs and outcomes of each.
UDRPs Gone Wrong: Reverse Domain Name Hijacking
UDRP: Uniform Domain-Name Dispute-Resolution Policy
Final Takeaway: Domain Portfolio Management
Domain names are one of the most important assets for any business, and they should be part of a comprehensive portfolio management strategy that includes targeted acquisition, strong security practices, thorough day-to-day management, and active policing and enforcement. With proper internal strategies and policies, coupled with outside expertise with a trusted partner, organizations will ensure they are getting the most value out of their portfolio.
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography. Currently working as part-time cybersecurity coordinator at assignyourwriter.co.uk.