Banks and Credit Unions, Do You Know Who Holds the Keys to Your Web Properties?
I work with many new banks and credit unions every month to help them launch new websites, migrate websites into new hosting environments, and put DDoS mitigation and other security protections in place. A surprising number of the financial institutions that come to us for help are in a very precarious position with regard to ownership of, and access to, the control mechanisms for critical web properties, including their domain registrar account and DNS administration. When time is of the essence, not knowing who holds the keys to these web properties can create significant delays in getting services transferred or restored. If you’re a bank or credit union executive responsible for managing disaster recovery or information security risks, set aside time today to ensure that you know who manages these three important assets.
Your domain registrar is an ICANN-accredited entity that oversees your domain names. This is the organization that provides ICANN and the rest of the world with information about who (in this case, you) has registered this domain name, the names of the domain’s authoritative DNS servers, and the administrative and technical contact people for the domain. Every bank and credit union should know the following about their registrar record and domains:
- Which registrar is every domain name registered with?
- What are the logon credentials to gain access to the administration portal for each registrar account?
- Who are the primary, administrative, and technical contacts for each domain?
- How are payments configured for each domain name and service provided by the registrar?
Many banks and credit unions I work with do not know the answer to some or all of those questions when they first contact me. One of the first steps I take when working with new clients is to help them gather all of this information, since having these details is nearly always essential to making any changes to the website hosting, ordering SSL certificates, renewing domain names, implementing some of the security protocols we use, and renewing expiring or expired services. There are many domain registrars accredited today, but the most common are:
If you’re not sure which registrar your domains are registered with, I recommend performing a WhoIs lookup. The WhoIs results should provide the name of the registrar, and unless private registration is enabled, then the results will also show the administrative and technical contacts listed on the domain registration.
In addition, ensure that you know when each domain name registration is set to expire, what billing methods are configured for the domain name, and where the registrar is configured to email billing notices. I have seen many organizations go through a lot of hassle, expense, and embarrassment caused by a domain registration expiring due to out-of-date credit card and billing contact information.
If you’re not familiar with DNS, or Domain Name Server, you can think of it like a phone book. When you type a domain name into your web browser, your computer initiates a series of requests to find out the IP address of the web server that hosts the website whose URL you are trying to visit. An IP address is like a phone number and like your telephone, every device connected to the Internet has a unique IP address.
Every domain name active on the Internet has an authoritative set of DNS servers. DNS servers store and share the IP addresses assigned to your Internet-connected web properties or devices. Your domain registrar is the conduit that tells the world which DNS servers are authoritative for your domain name. DNS servers tell visitors where to find your services, such as your website and your email servers. If your domain registrar has incorrect DNS servers listed for your domain, your visitors will not be able to find your website.
Someone affiliated with your organization, such as an employee, your hosting provider, or a consultant, is responsible for managing your domain’s DNS records. Every bank and credit union should know who this responsible party is at all times. In disaster scenarios where a website, email server, or similar Internet-connected service needs to be replaced, the person or company that manages your DNS is who you will contact to get these new services online or restored. In some cases, such as a DDoS attack, you may need to quickly update DNS settings to help fend off the attack. It’s best to know before an attack occurs who you need to contact for this critical component of your web technology.
A WhoIs lookup will typically reveal the authoritative DNS servers for a domain. Look toward the bottom of the results and you’ll see a reference to Name Server or DNS Server, with a corresponding fully qualified domain name for two or more servers. These are the authoritative DNS servers for the domain you looked up. Make sure you know who manages these servers and document it in your disaster recovery plan.
Generally DNS isn’t something the CEO or other non-technical employees of the bank or credit union should manage, but key executives should always know who to contact for DNS changes.
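The WhoIs checks described above (registrar, expiration date, authoritative name servers, and whether private registration hides the contacts) can be run over saved lookup output. This is an added example, not part of the original article; the sample record and its domain names are constructed, and the field labels are assumptions because WHOIS output differs between registries.

```python
from datetime import datetime, timezone

# Constructed sample; real WHOIS field names vary by registry and registrar.
SAMPLE_WHOIS = """\
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2030-03-15T04:00:00Z
Name Server: NS1.DNSHOST.EXAMPLE
Name Server: NS2.DNSHOST.EXAMPLE
Admin Email: REDACTED FOR PRIVACY
"""

def parse_whois(text):
    """Extract registrar, expiry date, name servers and contact e-mails."""
    rec = {"registrar": None, "expires": None, "name_servers": [], "contacts": {}}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key in ("registry expiry date", "registrar registration expiration date"):
            # Rewrite the trailing "Z" so fromisoformat accepts it on older Pythons.
            rec["expires"] = datetime.fromisoformat(value.replace("Z", "+00:00"))
        elif key == "name server":
            rec["name_servers"].append(value.lower())
        elif key in ("admin email", "tech email"):
            rec["contacts"][key] = value
    return rec

def audit(rec, now, warn_days=60):
    """List the gaps to close before an outage or expiry forces the question."""
    findings = []
    if not rec["registrar"]:
        findings.append("registrar not identified")
    if rec["expires"] is None:
        findings.append("expiry date not found")
    elif (days := (rec["expires"] - now).days) < 0:
        findings.append("registration expired")
    elif days <= warn_days:
        findings.append(f"registration expires in {days} days")
    if len(rec["name_servers"]) < 2:
        findings.append("fewer than two authoritative name servers listed")
    hidden = [role for role, v in rec["contacts"].items() if "redacted" in v.lower()]
    findings += [f"{role} hidden by private registration" for role in hidden]
    return findings

if __name__ == "__main__":
    print(audit(parse_whois(SAMPLE_WHOIS), datetime.now(timezone.utc)))
```

A finding about hidden contacts means the WhoIs record cannot answer the contact question, so the names have to be confirmed in the registrar account itself and written into the disaster recovery plan.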
SSL is the standard for securing communications between a website and its visitors’ devices. SSL certificates are issued by issuing authorities, such as Comodo, Symantec, and many other entities. SSL certificates are issued for a finite period of time, typically ranging from one to five years. When a certificate expires, web browsers will present a glaring warning to visitors when they attempt to visit your website in an SSL protected session. To prevent these embarrassing warnings, the person responsible for managing the website at a bank or credit union should know when the SSL certificate for its website expires.
To find the expiration date of any website’s SSL certificate, simply visit the website over an SSL (i.e., HTTPS://) connection and then click the lock icon in the address bar to view the certificate details. Depending on the operating system and browser, the name and method of finding the data will be different, but somewhere within the certificate details will be dates showing the certificate start and expiration, or validity period.
[Image: SSL certificate validity check]
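The same validity-period check can be scripted so that it runs on a schedule for your own sites rather than relying on someone clicking the lock icon. This is an added example, not part of the original article; the 30-day warning threshold and the hostname in the usage comment are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def days_until_expiry(not_after, now):
    """Whole days left, given a notAfter string as returned by getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def classify(days_left, warn_days=30):
    """Map days remaining to a status; warn_days is an assumed renewal lead time."""
    if days_left < 0:
        return "EXPIRED"
    return "RENEW SOON" if days_left <= warn_days else "OK"

def check_site(host, port=443, timeout=5):
    """Connect the way a browser does and report on the certificate presented."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # An already-expired (or otherwise untrusted) certificate fails the
        # handshake here, which is the browser warning the article describes.
        return host, "INVALID", exc.verify_message
    days = days_until_expiry(cert["notAfter"], datetime.now(timezone.utc))
    return host, classify(days), f"{days} days left (notAfter {cert['notAfter']})"

if __name__ == "__main__":
    # Usage: python cert_expiry.py www.yourbank.example
    for name in sys.argv[1:]:
        print(*check_site(name))
```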
If you’re not sure who to turn to for help, get in touch with us. We’ll gladly help you make sure that you’re in control of the assets that are important to your organization. We’re easy to talk to and we really enjoy helping other people succeed.