Last week I got a panicked text from a colleague followed by a nervous phone call. Another lawyer friend was in a jam. The unpleasant situation had nothing to do with legal work or a client problem. He had lost control of his firm’s domain name. He switched to a new online services company, and the vendor needed to access the domain and adjust the settings. The problem was he didn’t know where the domain was registered or how to access it – ouch!
It turns out his partners didn’t know either. We were able to track down his former IT manager, who saved the day. You may not be that lucky. The moral of the story: Keep your site secure, keep control of your domain account.
This may seem obvious, but many law firms do not have a password process in place. Ensure that you know the password to the registrar with your domains. Don’t let an employee or your IT person manage your account. Employees leave, and vendors change. Access should be closely guarded. If your IT person needs access, give them the password, let them make their changes, and then change the password. If they are onsite, you can log in for them and log out when they are finished working on the account. Properly managing your password is critical, but this alone is still not enough. The most secure password can be hacked.
In addition to properly managing your account password, you should enable two-factor authentication (2FA) on your domain account. 2FA provides an extra layer of protection. There are different types of 2FA, for example – text messages, voice-based, software tokens, etc. Ask your registrar what type of 2FA they have in place and ensure this is enabled on your account. If someone accesses your domains without your permission, it can be a gigantic headache and cause problems that could have easily been avoided. Please don’t make the same mistake my friend made. Plan ahead!