Small and medium-sized businesses (SMBs) are increasingly in the crosshairs of cybercriminals. While many small business owners may believe they’re beneath the notice of threat actors, that’s not the case. Threat actors tend not to discriminate; they cast a wide net, and that net may prove particularly devastating for SMBs, which don’t necessarily have the resources to bounce back from a data breach.
However, in this connected age, most businesses can’t do without a domain name. So how can SMBs secure their domains against common attacks?
Why is it so important for SMBs to secure their domains?
A domain name represents a significant investment for SMBs, and it’s a core component of their brand. It is often the first impression a potential customer has of their business, and that has significant ramifications, especially if a domain has been attacked.
A compromised domain can lead to a cascade of negative consequences, including financial loss, reputational damage, and a significant erosion of customer trust. In Q4 2024, the internet reached 364.3 million domain name registrations, underscoring the vast ecosystem of online identities that require protection. Each of these domains, regardless of size, is a potential target for threat actors.
Why (and how) are SMBs targeted by threat actors?
SMBs are frequently targeted by threat actors for several compelling reasons:
- Valuable data: Businesses of all sizes possess valuable data, such as customer information and financial records, making them attractive targets for data theft and ransomware attacks.
- SMBs are softer targets: SMBs typically operate with leaner IT resources and budgets compared to large enterprises, meaning their security infrastructure may be less robust and more susceptible to breaches. This perceived vulnerability makes them easier targets.
- Supply-side attacks: The extended ecosystem also plays a role. By compromising an SMB’s domain, attackers can potentially gain a foothold into larger supply chains or partner networks.
Threat actors tend to use a couple of common tactics when attacking SMBs’ domains: spoofing and phishing.
What are spoofing and phishing?
Spoofing and phishing are two of the most common and insidious cyber threats that directly leverage domain vulnerabilities.
Spoofing is a technique where an attacker disguises a communication from an unrecognized source as being from a legitimate, trusted source. This can manifest in various forms, such as email spoofing, where fake emails are sent from an address that appears to be from a known company or individual, or DNS spoofing (also known as DNS cache poisoning), where an attacker redirects a user to a fraudulent website by manipulating DNS records.
Phishing is a type of social engineering attack that relies on spoofing, often through email, to trick individuals into revealing sensitive information, such as login credentials, credit card numbers, or personal data. Attackers frequently use domain variations or misspellings (typosquatting) to create convincing fake websites that mimic legitimate ones, further enabling these deceptive practices. For instance, a user attempting to visit yourcompany.com might inadvertently be directed to yourcompay.com or your-company.com through DNS manipulation, leading them to a malicious site designed to steal their information.
What does it mean to ‘secure a domain’?
Securing a domain goes far beyond simply registering a name and ensuring website functionality. It’s a multi-layered approach designed to protect the domain name itself, its associated records, and the integrity of communications sent from it. At its core, securing a domain means implementing measures that prevent unauthorized access, modification, or misuse of the domain name and its related services. This involves safeguarding the domain registrar account, ensuring the accuracy and security of DNS records, and employing authentication protocols that verify the legitimacy of email and web traffic originating from the domain.
It also involves protecting against domain hijacking, where attackers gain control of a domain registration, and DNS spoofing, which redirects users to malicious sites. A secure domain strategy is crucial for maintaining brand integrity, preventing fraudulent activities, and ensuring that customers can reliably connect with the business through its intended online presence.
Why do SMBs struggle with domain security?
Despite the critical importance of domain security, many SMBs face significant hurdles in implementing and maintaining robust defenses. These challenges often stem from a combination of resource limitations, technical complexities, and a lack of clarity regarding responsibilities.
Limited staff and time
SMBs typically operate with small teams where individuals often wear multiple hats. This can mean that dedicated IT security staff are scarce or non-existent, and existing personnel may lack the specialized knowledge required for comprehensive domain security management. The daily demands of running a business can overshadow proactive security initiatives, leading to a reactive approach where security measures are only addressed after an incident occurs. This constraint makes it difficult to dedicate the necessary time to understand, implement, and continuously monitor domain security protocols.
DNS record complexity and jargon
Domain Name System (DNS) records are the intricate set of instructions that govern how domain names translate into IP addresses and how associated services, like email, function.
Terms like MX, TXT, CNAME, SPF, DKIM, and DMARC can be confusing and intimidating for those without a technical background. The complexity and jargon surrounding DNS record management can deter SMBs from making necessary configurations, leaving them vulnerable. Understanding how these records interact and their implications for security requires a level of technical expertise that is not always available within smaller organizations.
No clear owner for domain and email authentication
In many SMBs, there isn’t a single, clearly-designated individual or department responsible for the overarching security of the domain and its authentication mechanisms. This can lead to confusion and a lack of accountability. For instance, who is ultimately responsible for configuring SPF records, ensuring DKIM is set up correctly, or managing DMARC policies? Without a clear owner, these crucial security components may be overlooked or inconsistently maintained, creating exploitable gaps. This diffusion of responsibility can be exacerbated when domain registration is handled by an outside web developer or agency without ongoing oversight from the business itself.
Missing visibility into domain misuse
SMBs often lack the tools and processes to gain adequate visibility into how their domain is being used or potentially misused. They may not be aware if their domain is being spoofed in phishing campaigns, if fraudulent subdomains are being created, or if their domain is being used in distributed denial-of-service (DDoS) attacks. Without this visibility, threats can go undetected for extended periods, allowing attackers to cause significant damage before the SMB even realizes there is a problem.
Practical steps for securing domains
Fortifying a domain requires a strategic and systematic approach, focusing on implementing robust technical controls and adopting best practices. By addressing the inherent vulnerabilities of the domain name system and its associated services, organizations can significantly enhance their security posture. Below are some practical steps an SMB can take to improve domain security:
1. Implement SPF to control who can send email using your domain
Sender Policy Framework (SPF) is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. When a receiving mail server receives an email, it can check the sender’s IP address against the SPF record published in the domain’s DNS. If the sending server is not listed in the SPF record, the email can be flagged as suspicious or rejected. This is a critical defense against email spoofing, preventing attackers from sending malicious emails that appear to originate from your organization. Implementing SPF is a fundamental step in preventing your domain from being used in phishing and spam campaigns.
2. Enable DKIM to cryptographically sign your outgoing messages
DomainKeys Identified Mail (DKIM) is another email authentication method that adds a digital signature to outgoing emails. This signature is created using a private key held by the sending domain and can be verified by a public key published in the domain’s DNS records. When a receiving server verifies the DKIM signature, it confirms that the email originated from the claimed domain and that the message content has not been tampered with in transit. Enabling DKIM significantly enhances email deliverability and helps recipients trust that emails genuinely come from your organization, thus mitigating the risk of spoofing and man-in-the-middle attacks.
3. Deploy DMARC to enforce email authentication policies
Domain-based Message Authentication, Reporting & Conformance (DMARC) builds upon SPF and DKIM. It provides a framework for domain owners to tell receiving mail servers what to do if an email fails SPF and/or DKIM checks, and it allows for reporting on these authentication results. DMARC policies can instruct receivers to reject, quarantine, or simply monitor emails that fail authentication. By deploying DMARC, organizations gain greater control over their email ecosystem, ensuring that only legitimate emails are delivered and providing valuable insights into potential misuse of their domain for malicious purposes. This is crucial for combating phishing, as it helps prevent attackers from impersonating your domain.
4. Use TLSA records to strengthen encryption for mail and web services
Transport Layer Security (TLS) records, often used in conjunction with the DNS-based Authentication of Named Entities (DANE) protocol, enhance the security of transport protocols like TLS/SSL. TLSA records in DNS map a domain name to a specific TLS certificate. This allows clients to verify that the certificate presented by a server is indeed the correct and trusted one for that domain, even if there are certificate chain issues or man-in-the-middle attempts. While DANE adoption is still evolving, it offers a promising avenue for strengthening the trust anchor for TLS encryption used in mail servers and other critical internet services. As TLS certificate lifespans are set to shrink to 200 days by March 15, 2026, efficient and secure certificate management, potentially aided by DANE, becomes increasingly important.
5. Set up DNSSEC to protect against DNS spoofing and tampering
DNS Security Extensions (DNSSEC) is a suite of extensions to DNS that provides origin authentication of DNS data, authenticated denial of existence, and data integrity. Essentially, DNSSEC adds a layer of cryptographic security to the DNS lookup process, ensuring that the DNS records returned to a user are authentic and have not been tampered with. This is a vital defense against DNS spoofing and cache poisoning attacks, which can redirect users to fraudulent websites or intercept their communications. By digitally signing DNS records, DNSSEC guarantees the integrity and authenticity of the DNS data, preventing attackers from manipulating traffic destined for your domain.
6. Monitor DNS changes to detect suspicious activity early
Even with robust security measures in place, continuous monitoring is essential for detecting and responding to potential threats. Regularly monitoring DNS changes is critical. Unauthorized modifications to DNS records can be a strong indicator of a domain hijacking attempt or a compromise of the domain registrar account. Implementing alerts for any changes to critical DNS records, such as MX or A records, can provide early warning of suspicious activity. Furthermore, monitoring for the creation of unexpected subdomains or unusual DNS traffic patterns can help identify potential abuse of the domain. This proactive approach allows organizations to investigate and mitigate threats before they escalate, safeguarding their domain’s integrity and reputation.
Secure your domain with DigiCert
In the complex and ever-evolving digital ecosystem, a secure domain is not a luxury but a fundamental requirement for business resilience and trustworthiness. It forms the bedrock of an organization’s online identity, protecting brand reputation, customer data, and operational continuity. However, MBs face unique challenges in achieving and maintaining robust domain security, often due to resource constraints and the inherent complexity of the underlying technologies.
Working with a domain management solution can simplify these challenges. Get in touch to see how DigiCert can help your SMB secure your domain.