
Data security during a rebrand

Danny Ruspandini - Impact Labs Australia

Lapsed or expired domains pose a serious security issue for your organisation. The larger and more visible your organisation is, the greater the risk.

When an organisation changes its name, people from the outside will see the website and email addresses change from oldcorp.com to newcorp.com.

So now that you no longer need the oldcorp.com domain name, what should you do with it?

If it’s a premium domain, and parting with it doesn’t cause any confusion for your new org, one option might be to have it valued and sold through a domain broker.

From a security standpoint though, my overwhelming recommendation is to hold onto it and not let it lapse.

Quick story

In around 2018, we supported a client through a rebrand with a name change.

There were several months of crossover where both domains were active, which involved things like replying to laggard emails sent to @oldcorp.com addresses to direct everyone to the @newcorp.com ones.

The “oldcorp.com” domain was not premium and of no further use, so once the email volume dropped, they switched off auto-renewal with their domain host, and at the next billing cycle the oldcorp.com domain simply lapsed.

The analytics team still had the old domain on one of their monitoring systems though, and only weeks later it blinked back to life.

Someone had reregistered it - which wasn't completely unexpected, but some digging revealed that all the previous email addresses had also been reinstated, which was suspicious.

Sending a few emails to those addresses revealed that the new owner was not a legitimate business - they were using the domain to mimic our client.

The first concern was that they might start intercepting emails, which wasn’t ideal but had mostly already been dealt with... but we pretty quickly realised that wasn't the real problem.

Any digital account previously opened with an oldcorp email address was now under threat.

All the hijacker had to do was visit any website, enter the @oldcorp.com email address, hit the “reset password” link and if an account existed, boom - they were in.

Now the rebranding process was thorough - digital accounts on systems such as Xero accounting and Google were already updated to newcorp, but it highlighted a major security concern with lapsed domain names.
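As an added example (not part of the original article or the client's tooling), here is one way to check an account inventory for logins or recovery addresses that still depend on the old domain before auto-renewal is switched off. The CSV layout, the service names marked hypothetical and the function names are assumptions made for illustration.

```python
import csv
import io

OLD_DOMAIN = "oldcorp.com"  # the retired domain used as the example in the article

# Constructed sample inventory (e.g. exported from a password manager); not real data.
SAMPLE_INVENTORY = """service,login_email,recovery_email
Xero,finance@newcorp.com,
Google Workspace,admin@newcorp.com,it@newcorp.com
Hypothetical CRM,Sales@OldCorp.com,
Hypothetical DNS host,ops@newcorp.com,ops@mail.oldcorp.com
Hypothetical survey tool,jane+surveys@oldcorp.com,jane@newcorp.com
Hypothetical stock photos,design@notoldcorp.com,
"""


def on_domain(address, domain):
    """True if the address is at `domain` or any subdomain of it."""
    if "@" not in address:
        return False
    host = address.rsplit("@", 1)[1].strip().lower().rstrip(".")
    domain = domain.lower()
    # Exact or dot-separated suffix match, so notoldcorp.com does not count.
    return host == domain or host.endswith("." + domain)


def audit(inventory_csv, old_domain=OLD_DOMAIN):
    """Return (service, field, address) for every address still on the old domain."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # A recovery address can reset the account just as the login address can.
        for field in ("login_email", "recovery_email"):
            address = (row.get(field) or "").strip()
            if on_domain(address, old_domain):
                findings.append((row["service"], field, address))
    return findings


def known_dependencies_cleared(inventory_csv, old_domain=OLD_DOMAIN):
    """True only when no inventoried account still points at the old domain."""
    return not audit(inventory_csv, old_domain)


if __name__ == "__main__":
    for service, field, address in audit(SAMPLE_INVENTORY):
        print(f"{service}: {field} still uses {address}")
    print("known dependencies cleared:", known_dependencies_cleared(SAMPLE_INVENTORY))
```

An empty result only covers the accounts that made it into the inventory; anything opened with an old address and never recorded stays exposed if the domain lapses.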

Why is this bad?

It might not be obvious, but access to digital accounts can let a hijacker view private company or employee data, from home addresses to credit card details, and that's just one example.

Of course, certain domains are harder to register (for example, anyone can register a .com domain but a .com.au domain requires a valid ABN - but shady types will find ways around this).

The lesson

Most domain names are an extremely minimal expense, often less than $30 per year.

The scenario above might be unlikely, but for the sake of security, avoiding the pain of a massive fallout, and a few bucks - in most cases I'd suggest holding on to your old domains and never letting them lapse.

      © 2022 Impact Labs Australia.