October is Cybersecurity Month! This week we'll talk about the Five Pillars of website security.
Pillar 1: Know your information
The first pillar is to know your information. Know where your website is hosted (or which platform it is built on).
Know where your domain is registered and when it renews (more on this in a minute).
Do you have a separate store? What about other connected services like email marketing? Know your providers, their websites, and your login credentials.
Know which "plan" or subscription level you are on, your payment method, and when your payments are due.
Knowing your information is one of the keys to keeping your website and digital tools safe.
Keep your domain safe
Let's start with information about your domain registration.
A while back, a client forwarded me an email telling her she needed to send money to ensure her domain was secure.
"Do I need to worry about this?"
Clearly, she was already a little worried.
And I was able to tell her - no, this is a scam. Just delete it.
It was a domain registration scam, and they were trying to scare her into paying them "to make sure she didn't lose her domain."
It makes me grumpy to see these kinds of scams. They prey on people who are giving everything they have to their small business or side hustle but are less familiar with the tech side of their business.
Scams like that lose their power when you know your domain and other business or tech information.
Information to know about your domain
Regardless of who is taking care of it for you, make sure you know these things about your domain:
Where is your domain registered?
When does it renew (usually yearly)?
What is your payment method? (Is it up to date?)
Do you have domain privacy enabled?
Pro tip: 3 of the 4 can be answered by looking up your domain in one database: the Whois database. The link is in the next section.
What is domain registration?
A domain registrar assigns domains for a yearly registration fee. When you request a particular domain, like yourbusiness.com, that domain is assigned to you as long as you keep paying the fee.
That domain is then used as your website address - so it's a little like renting a PO box.
GoDaddy, Google Domains, or my favorite, NameCheap, are popular domain registrars.
Alternatively, if you have a website on Wix, Squarespace, Shopify, etc., your domain may be registered through your website platform.
If you have no idea where your domain is registered, you can find out!
Use this link: https://lookup.icann.org/en/lookup
Enter your domain, and this database, the Whois domain registration database, will give you any public information about your domain.
One of the things it keeps track of is the registrar for every domain.
What is domain registration renewal?
Domain registration expires at the end of the registration period. When you register your domain, you pay the fee for a particular registration period, usually a year.
At the end of the registration period, you must renew your registration by paying the fee for the next period. If you don't, you could lose access to the domain - which means your website will not be available at your domain! So someone else can buy it and use it for their website - NOT our ideal scenario.
Some registrars allow multi-year registration, so you only have to pay every 2, 3 or even five years.
You can find your domain registration expiration date in the information from the same Whois database I mentioned above. Most registrars allow you to set your domain to renew automatically. So you just check to ensure it gets renewed at the right time.
Which leads to...
What is your payment method?
Your registration renewal payment method is not available in the public Whois database.
If your domain registration is set to be automatically renewed, make sure you know what the payment method is and that it is current. Update credit card or other payment information so there are no hitches in renewing your domain.
Note that to check on this, you have to be able to access your domain registrar! So that's another critical piece of keeping your domain safe.
Do you have domain privacy enabled?
This last question is less of a big deal, but I like to have domain privacy enabled on my domains.
Remember that link I shared with you? It's a public database called "Whois," which keeps track of information about the people or organizations that register domains.
If you look at the information available using the Whois database for my domains, my name, phone number, address, and business information are not available in the database.
Without domain privacy enabled, some of that information could be available online just by looking up my domain in the Whois database.
So I like to enable domain privacy on my domains so that I have a little less spam and a bit more privacy.
Domains are a critical business asset - some domains sell for piles of money! I hope these tips help you keep yours safe.
Links to the other pillars of website security:
Website Security Pillar 2: Develop Good Password Habits
Website Security Pillar 3: Keep Your Software Updated
Website Security Pillar 4: Keep Good Backups
Website Security Pillar 5: Limit Access to your Site
