You are a distributor that sells your supplier’s brands, so aside from worrying about your own company’s domains, you’ve got nothing else to worry about, right?

Wrong.

In recent news, a supermarket chain had to recall children’s snacks branded with a popular cartoon character from all their stores in the UK after a domain name printed on the packaging was redirecting to explicit adult content.

Did the supermarket own the snack brand? No. Yet it had to conduct a nationwide recall, offer full refunds, and put out a public relations announcement to tell customers to refrain from viewing the website. This impacted its operations, revenue, and brand reputation.

What happened?

The printed domain name used to belong to a sub-brand of the manufacturer of the cartoon’s merchandise. The manufacturing company was dissolved last year, and it’s believed that the domain name was lapsed, reregistered by a third party, and now hosts adult content.

It’s not known if at the time of the production of the snacks and their packaging that this could have been prevented.

But what’s clear is that domain portfolios are in constant flux when new companies are formed, closed, or when mergers and acquisitions happen. New domains are registered, domains change ownership, some domains are forgotten or intentionally lapsed, and cyber squatters and criminals alike are quick to profit from this.

When a domain is lapsed, the new registrant has rights to the domain ownership and its content as long as it does not infringe on brands or host malicious or illegal content.

Lessons learned

• In today’s connected world, no company is immune to the impact of oversights in domain portfolios, even if they don’t own the affected domains.
• There may be pressure to lapse domains as a cost-cutting measure, but be aware of the potential impact when domains are re-registered by third parties who host unsavory content.
• Your suppliers are part of your supply chain that introduces risks to your business, and the state of their domain portfolio and security posture could impact you.

What you can control

Conduct your due diligence when working with your partners and suppliers. Are they as security conscious as you, and do they have the domain security measures in place to mitigate the risks of domain name abuse?

Make sure to secure what you do own. Work with an enterprise-class domain registrar who can put domain security measures in place to ensure no unauthorized changes and lapses to your domains and domain name system (DNS) can be made, and has the experience to work with you strategically when rationalizing a domain portfolio.

Not only monitor your main domains, but also monitor your subdomains for potential dangling DNS that could just as easily be hijacked to point to nefarious content. Subdomain hijacking is a much harder cyber attack to identify as the domain and subdomain still belong to you, and only either strict cyber hygiene or constant subdomain monitoring can identify and mitigate the threat.

Activate a blocking network such as Domaincasting if you do find infringing or malicious websites to stop the content from displaying to your consumers. Then follow up with the appropriate enforcement action to take down the content.

If a third party owns critical or vital domains that used to belong to a legitimate brand, there are a few rights protection mechanisms that can be activated. But where there are no rights and legitimate ownership in place, remediation becomes more challenging, so it becomes even more important for companies to proactively ensure both themselves and their partners are secure before an incident happens.

Feel free to contact us if you’d like to learn more how you can mitigate domain security risks.