Home / Industry

Does Your Supplier’s Domain Oversight Impact You?

You are a distributor that sells your supplier’s brands, so aside from worrying about your own company’s domains, you’ve got nothing else to worry about, right?

Wrong.

In recent news, a supermarket chain had to recall children’s snacks branded with a popular cartoon character from all their stores in the UK after a domain name printed on the packaging was redirecting to explicit adult content.

Did the supermarket own the snack brand? No. Yet it had to conduct a nationwide recall, offer full refunds, and put out a public relations announcement to tell customers to refrain from viewing the website. This impacted its operations, revenue, and brand reputation.

What happened?

The printed domain name used to belong to a sub-brand of the manufacturer of the cartoon’s merchandise. The manufacturing company was dissolved last year, and it’s believed that the domain name was lapsed, reregistered by a third party, and now hosts adult content.

It’s not known if at the time of the production of the snacks and their packaging that this could have been prevented.

But what’s clear is that domain portfolios are in constant flux when new companies are formed, closed, or when mergers and acquisitions happen. New domains are registered, domains change ownership, some domains are forgotten or intentionally lapsed, and cyber squatters and criminals alike are quick to profit from this.

When a domain is lapsed, the new registrant has rights to the domain ownership and its content as long as it does not infringe on brands or host malicious or illegal content.

Lessons learned

  • In today’s connected world, no company is immune to the impact of oversights in domain portfolios, even if they don’t own the affected domains.
  • There may be pressure to lapse domains as a cost-cutting measure, but be aware of the potential impact when domains are re-registered by third parties who host unsavory content.
  • Your suppliers are part of your supply chain that introduces risks to your business, and the state of their domain portfolio and security posture could impact you.

What you can control

Conduct your due diligence when working with your partners and suppliers. Are they as security conscious as you, and do they have the domain security measures in place to mitigate the risks of domain name abuse?

Make sure to secure what you do own. Work with an enterprise-class domain registrar who can put domain security measures in place to ensure no unauthorized changes and lapses to your domains and domain name system (DNS) can be made, and has the experience to work with you strategically when rationalizing a domain portfolio.

Not only monitor your main domains, but also monitor your subdomains for potential dangling DNS that could just as easily be hijacked to point to nefarious content. Subdomain hijacking is a much harder cyber attack to identify as the domain and subdomain still belong to you, and only either strict cyber hygiene or constant subdomain monitoring can identify and mitigate the threat.

Activate a blocking network such as Domaincasting if you do find infringing or malicious websites to stop the content from displaying to your consumers. Then follow up with the appropriate enforcement action to take down the content.

If a third party owns critical or vital domains that used to belong to a legitimate brand, there are a few rights protection mechanisms that can be activated. But where there are no rights and legitimate ownership in place, remediation becomes more challenging, so it becomes even more important for companies to proactively ensure both themselves and their partners are secure before an incident happens.

Feel free to contact us if you’d like to learn more how you can mitigate domain security risks.

By CSC, We are the business behind business

We help effectively manage, promote, and secure our clients’ valuable brand assets against the threats of the online world. Leading companies around the world choose CSC as their trusted partner to gain control of their digital assets, maximize their online potential, and increase online security against brand risks.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC