Keeping your .gov.uk domain secure
Why use a .gov.uk domain
If you are a parish or town council and operate from a .gov.uk domain name, it is an important to ensure it is as protected as possible. After all, one of the main purposes of operating from a .gov.uk domain is to project a place of authority and authenticity.
By default, just because you have a .gov.uk domain name does not mean it is automatically more secure and protected. In fact, whilst the domain will have a greater level of monitoring because all .gov.uk registries, such as Aubergine, need to be authorised by JISC (the official registry of .gov.uk domains) – a government domain name presents a greater threat of being a target, thanks to the very nature of its trusted appearance.
Security and best practice in line with the Government Digital Service and Cabinet Office guidance is important to us at Aubergine.
Changing the settings of a domain, such as the website to where it points and who can control that, will be under the control of your domain name registry or authorised person. However, it is recommended that an additional layer of security is built in to prevent your .gov.uk domain being pointed to a nefarious website and used for non-official uses.
How to secure your .gov.uk domain
The Cabinet Office in partnership with GDS – The Government’s Digital Service, offer a free service for all .gov.uk domain owners called ‘Domain Locking’. Once a domain name is added to this system, any changes to where the nameservers (the “signposts” service to direct website and email traffic for the domain) must be verified by the clerk directly by the Cabinet Office. This additional layer of verification is a quick but very effective way to avoid your .gov.uk domain name being hijacked and pointed away to an unofficial website or service.
The free service also prevents the domain being transferred away to another owner without additional verification.
Whilst this is not a prevention against the website or emails being hacked directly, it does provide additional protection to the domain name itself being taken over or hijacked.
In addition to this service, as a .gov.uk domain owner, you can also sign up to the NCSC (National Cyber Security Centre) notifications to alert the domain owner of any potential threats to the domain or website in real-time.
We strongly recommend that all our .gov.uk domain name owners sign up for both free services.
To sign up to the service, follow the instructions provided on the Government’s Central Digital and Data Office website: https://www.gov.uk/guidance/keeping-your-domain-name-secure#make-sure-your-domains-are-registry-locked
If you require any assistance in signing up to the service, please call us on 01525 373020 and ask for Mark Tomkins or Matt Willson. Alternatively, you can contact the Cabinet Office Digital Office directly by email: [email protected]