Home / Blogs

3 Reasons It’s Crucial to Review Your Domain Lock Portfolio Now

Just as we started the new year, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (CISA) issued an alert. On January 6, 2020 , they warned of domain name system (DNS) hijacking and other cyber threats that may be used by nation-state threat actors to disrupt business activity and take control of vital internet assets. A familiar refrain heard in 2019 now repeating in 2020.

If your reaction to this is “what is DNS hijacking?” or “when did we last review our domain name portfolio with a view to mitigating this threat?,” here’s what you need to know:

DNS hijacking is when a cybercriminal or hacker (in this case, potentially state-sponsored) diverts website visitors to a defaced website, or a fraudulent one, to steal login credentials and confidential data. Information can also be harvested from inbound emails, then used to launch sophisticated phishing attacks on customers and employees using a company’s own domains to make the phish appear legitimate. This poses a threat as not only a serious data breach and a privacy nightmare, but also a business continuity risk.

There are three reasons it’s essential to review your domain lock portfolio regularly, comprising registry and registrar locks, and especially now:

  1. Your domain portfolio is constantly changing with the launch of new brands, the retirement of old ones, developing operations in new markets, as well as buying and selling businesses. Therefore, you need to both understand what your business-critical domains are at any given time, and ensure they have the right security in place—including domain locks.
  2. At the same time, the domain registries are constantly updating their offering and processes, and as new domain extensions become available for locks, it’s important to ensure you’re taking advantage of them.
  3. DNS hijacking is a constant threat, but it can be mitigated. Registry locks are the most effective preventive measure that should be put in place.

To understand more about DNS hijacking and locks as a control measure, I’ve also written a post about the various types of domain locks and its effectiveness.

By Ken Linscott, Product Director, Domains and Security at CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign