Internet domains are virtual properties on the Internet that reflect our unique brand.

Acquiring, managing, and renewing domains is a normal part of managing your company's presence on the Internet; failing to maintain annual ICANN requests or renew a domain means your website and email would stop working, and you run the risk of losing that intellectual property tied to your marketing.

Because of that, there's a bunch of incentive to interrupt these processes and to seize control of your property. Robot squatters can swoop-in, grab your domain, and extort your company so it can be returned to you. Further, you'll receive fraudulent notices in physical mail telling you that you must renew your domain with another registrar, whose intention is to also extort money from you. Finally, the data surrounding the domain's registration is technical and vulnerable to outside hackers looking to change the way your website works or how email routes. 

I want to protect my clients and ensure no disruptions in their service. This is why I’ve started offering a Domain Management service to my clients this year.

Under this service, I assume administrative and technical responsibility for my client's domain. My services:

• Monitor the domain renewal process on behalf of my client;

• Pass domain renewals through my own invoicing;

• Allow me to become a single point of contact for managing the domain as an asset, to help remove the complexity of technical issues involving the Zone File with web developers and others who rely upon it;

• Allow me to become a gatekeeper so that I can deflect attacks to prey upon my client’s domains and to avoid the risk of DNS scams;

• Setup privacy controls and restrictions that shield the personal private information of my client's from attacks;

• Manage MX, SPF, and DKIM records essential to my client's security and experience with Google Apps;

• Secure the name server to prevent DDOS (Distributed Denial of Service) attacks and brute force password attacks against my client’s own accounts.

The big benefit here is that I become a trusted custodian and guardian of my client's Internet presence. 

My pricing is very straight forward: $15/year/domain - annual renewals pass through my invoicing.

That’s it. 

Not bad for a professionally-managed service, and admittedly, not a lot of money it for me. Still, I’m doing this because I have a vested interest in my clients.

I’ve seen when domain Zone Files get hijacked; when companies get extorted out of thousands of dollars; when mail stops routing because of a technical error introduced by a web vendor; when a company’s owner or officer becomes the victim of a fraudster. It’s ugly, and I don’t want it to happen to anybody that I work with. I’m not looking to make a ton of money here; just perform a technical administrative task that’s increasingly at risk.

If you’re interested in this service, just let me know. I can give you a call, talk you through the process, and we can set a date to perform the technical steps necessary to assume control of the domain before it expires. If I do my work right, there’ll be absolutely no impact on your website or email routing. 

The number of cyber attacks against small businesses rapidly grew in 2015. This matters because research would suggest that sixty percent of small businesses struck by a cyber attack close within six months. As the World Economic Forum identified cyber crime as a global economic risk, we're expecting even worse numbers in 2016.

Hackers like small businesses because their digital assets are more lucrative than that of a normal consumer, and, the small business likely has less IT staff or IT safeguards than larger corporations. As this infographic would suggest, small business managers often under-estimate the value of their digital assets (believing that they don't have anything worth stealing), and they don't understand the risk of exposure due to their loss.

There are a number of Technical Controls that we can implement to help address the problem:

• Access Controls

• Vulnerability assessments

• System patching

• Encryption

• Data backups

• Mobile Device Management

• 2-Factor Authentication

Still, all of those Technical Controls are meaningless unless their actually used and deployed by a business. Small business owners have a couple of avenues of recourse:

1. Owner/managers must take an interest in managing the problem. That means learning more about the risks and the challenges facing the business, rather than ignoring the risk and hoping something bad doesn't happen to them.
   

2. Create formal policies and procedures regarding computer activities. Administrative Controls like policies, procedures, and work instructions clearly communicates management's intention to staff and stakeholders.
   

3. Train employees and staff on those policies and procedures. Educate everyone - every stakeholder - about your commitment to managing information in the best practice means available.
   

4. Update your software and hardware regularly. Observe when devices, personal computers, or software leaves mainstream OEM support and will no longer receive security updates. Replace obsolete equipment that places your firm at risk.
   

5. Prepare an incident response plan. Unless you have one - actually written down, something you communicate and practice against - you don't have one.

But you notice that it starts with the business owner. It starts with them because - without their commitment - none of these steps could possibly be approached.

If you run a small business, don't become a target by neglecting your responsibility to protect your digital assets. Don't expose yourself by taking no action; don't put yourself at risk because you're the lowest-hanging fruit in an orchard of choices for digital pharmers. 

Take ownership and responsibility for the problem.

R

Believe it or not, accessing private data after death has historically been an act of hacking. Yeah, imagine having to hack your loved one's accounts to get access to important stuff like checking and savings accounts, bill paying systems, accounting systems, or invoicing systems.

Essentially, survivors would need to impersonate the deceased, guess at passwords or have passwords rotated by a hack to access accounts, of have secure systems compromised to access data.

And legally, the heir or assign of an individual didn't have any rights to the data. That data was owned by the account holder (who is now dead) and there wasn't a legal transference of digital property rights.

However, effective June 2016 in the State of Washington, this has changed with the adoption of 11.120 RCW Uniform Fiduciary Access to to Digital Assets Act (UFADAA).

UFADAA establishes a standard process for a fiduciary to access the secured digital assets of the deceased found on their devices (computers and mobile devices) and their online accounts.

This special access is limited: it grants the fiduciary access to essentially collect the data and close the account; it doesn't allow for the account of the deceased account to survive forever. 

UFADAA also allows for data to be collected from the principal, accumulated by a designated custodian of the data, cataloged, and held in a trust. It also allows the principal to shield some kinds of data from their fiduciary.

Some companies are more progressive on these matters - like Facebook - allow you to identify legacy accounts: fiduciaries on Facebook that would presumably survive the deceased and could get access to the account to memorialize it. Most companies are far behind this curve of being able to identify others who could access their digital assets after death.

The court can assign data custodians and so can businesses and individuals. However, it's recommended that a will/Power of Attorney specifically declare UFADDA rights.

If you're concerned about this - and if you own a business, you'd want to be concerned about this - you'd want to speak to your attorney about including UFADDA rights into your succession planning.

Also, you'd want to check online services that offer legacy accounts (or some means of designating authorized survivors) and set those up.

And finally, you'd want to grant some degree of access to your password manager for the fiduciary following your demise. Most password manager services allow for a legacy account to be designated; otherwise, a master password, written on paper, stored in a sealed envelope, and safeguarded in a safe place, may also suffice (a broken seal may be a visual trigger to reset passwords).