Advice Archives - Enom BlogEnom Blog |

Data Privacy Day 2021: Data Protection by Design

January 28, 2021

January 28 is Data Privacy Day! Privacy a topic we’re hugely passionate about, and we’re really proud of the work we do to protect the personal data we’re entrusted with and to advocate for the privacy rights of domain owners and our resellers. It should go without saying that we approach data protection with great care and consideration year-round, but it’s nice to have a dedicated day when we pause to reflect on why data privacy is so important. I’m taking this as an opportunity to highlight some quick data privacy tips which are ready to be shared with your customers (TikTok video below), recap what Tucows (Enom’s parent company) accomplished in 2020, and provide some insight into our plans for the year ahead.

Data privacy tips for your customers

Here are things that all of us should know when sharing our data online, also available in TikTok form.

1. You have the right to access your data and correct inaccurate information
  Every company you share your data with should have this functionality. Check the app settings or contact them to find out more.
2. You have the right to know if a company is sharing your data and a right to give or withdraw your consent to share it.
  Privacy settings are super important in controlling which information apps and services can share. Make sure you keep track of them!
3. If you consented to optional data use, you can withdraw consent at any time.
  When you click “I consent,” that’s not permanent! You can change your mind and take back control of your information.

Data protection by design at Tucows

We work hard to ensure that high standards of privacy and data protection are present in our products and services from start to finish. But what does this process actually look like?

Planning

Data protection begins in the planning phase, where we conduct comprehensive reviews called Data Protection Impact Assessments (DPIAs) for any new product or service we want to introduce that touches personal data. This includes changes and additions to our reseller services, as well as any tools or applications we adopt internally. These Assessments help us identify and document any possible risks to the data, and our methods of mitigating those risks.

Implementing

In the product development and implementation phases, and while services are active in our platforms, we follow regulatory requirements for data protection, adhere to industry best practices for security measures, and have robust processes in place to respond to customer privacy concerns and fulfill data subject access requests.

Review

We have also put in place a new annual review process for our Data Protection Impact Assessments. This involves looking back at all the services we’ve completed DPIAs for, to see if there were changes to how those products or services handle data or any updates that require further data protection work on our part.

Tucows’ progress in 2020

Privacy and data protection work is so essential, but it’s perhaps not the most exciting topic, except to me and my fellow privacy and policy nerds. Nonetheless, we think it’s important to highlight some of the goals we achieved in 2020 related to data protection.

Creating greater transparency

The most visible change was the launch of our updated Data Sharing Preferences (a unique URL where domain owners can set their preferences) and Data Sharing Practices pages. These resources now more clearly explain how and why we process personal data. We also now offer translation of these pages into eight languages, helping data subjects access the information in the language that they’re most comfortable reading.

Advocacy work within ICANN

Within the ICANN policy development world, we worked hard to ensure that the privacy rights of our domain customers are respected. We continue to advocate for policy changes to promote “data protection by design and default” within the domain name system, such as ensuring that registration data is only disclosed to third parties when there’s a valid legal reason to do so. This cause has been central to our public speaking engagements in 2020, including a recent webinar where we shared domain data disclosure statistics from the registrar and registry community (available here, look for September 22 in the chart).

Keeping a pulse on global privacy developments

From the broader international perspective, the biggest change we saw in 2020 was the invalidation of the EU-US Privacy Shield framework, which we blogged about in November.

Plans for the future

Looking ahead to 2021, Tucows’ Privacy Team’s goal is to continue the work we started in 2020 in an expanded and enhanced manner. This includes working to improve how we disclose data processing practices and options to users on our platform.

Our advocacy work with ICANN will remain a priority, specifically ensuring that policy requirements are in alignment with our obligations under data protection regulations, and that when newly-approved policies are implemented they permit adherence to relevant privacy laws.

Finally, we’re avidly following developments to Canadian privacy law with the incoming Canadian Consumer Privacy Protection Act, and working with our contacts in Canada’s Ministry of Innovation, Science, and Economic Development to advocate for privacy rights in the tech industry.

If you have any questions about data protection and privacy as they relate to our Domains, Email, and SSL products, get in touch!

So, that’s what we’re looking forward to in the year to come. How will you celebrate Data Privacy Day? Personally, I plan to eat cake and reset all my passwords.

Increase Domain Sales with Branded Links Integration

September 8, 2020

Advice, Industry Insight, New TLDs

Like

What is a branded link?

While brands are the most important assets for modern companies, links are the foundation of the web. Every time someone clicks, taps, or swipes, there is a link. A link is a bridge between the message and the content, the most relevant call-to-action of online communications. When brands meet links, you get branded links—short URLs created with three elements: your brand (company name or product name), a relevant TLD (there are hundreds of new TLDs to choose from), and a unique keyword.

Branded links are the evolutionary product of traditional links and the already-popular short URLs (created using URL shorteners). They are the most effective and efficient way to share and manage links.

Why you should use branded links

A branded link is trustworthy, memorable, pronounceable, secure, and allows you to do some pretty nifty things. For instance, you can change the destination URL or route traffic based on the person who clicks it (by language or the date or time, for example).

A branded link is traceable, it improves the click-through rate up to 39% and increases the deliverability of emails and SMS.

Rebrandly offers a short and sweet summary of the power of branded links:

Rebrandly’s been a pioneer in the world of branded links since 2005 and now helps
550,000+ companies brand their links, including huge names like Lamborghini, Indeed, Intuit, Ferrero and Puma.

If you’d like to learn more, check out their guide to link management.

How to increase domain sales with branded links

Until now, domain names were employed quite exclusively for websites/blogs, and emails.
Today there is a third use: branded links.

This is a great opportunity for your customers to improve their brand visibility and maximize the effectiveness of the links they share. As a domain reseller, it’s also a great opportunity for you to offer an innovative and useful service for free. You’ll sell more domains and provide real value.

Using Rebrandly as a reseller

With Rebrandly, you can offer branded links at no additional cost to you or your customers. Rebrandly doesn’t charge any sort of fee or commission.

All your customer has to do is to register a domain name with you (no commission to Rebrandly required). And all you have to do is integrate with Rebrandly.

Here’s how it works:

When a customer buys a new domain name for their website you can suggest purchasing a second domain (same name but different TLD) for their branded links. For example, they might buy company.com for their website and company.buzz for their social, or company.press for their PR content.

Rebrandly itself has multiple domains which they use for very specific purposes:

Rebrandly.video for their youtube channel and to share video content
Rebrandly.buzz for social media sharing
Rebrandly.press to share the news with journalists and bloggers
Rebrandly.support for support tickets and to share links to FAQs
Rebrandly.link for general branded links
Rebrandly.click to enhance call-to-action links
Rebrandly.fun for sharing jokes and fun stories internally to their team
Rebrandly.download to share downloadable big files
Rebrandly.academy to share their knowledge base
Rebrandly.sale to share offers to potential customers
Rebrandly.blog to share blog articles

That’s 11 domain names only for branded links, in addition to their .COM corporate site. Many companies have similar needs, making branded links a practical upsell opportunity.

What you (and your customers) can do with Rebrandly

Rebrandly incorporates a bunch of smart features that help you get granular with your campaigns and link tracking.

Multiple domain management

You can manage up to 1000 domains in a single account, and Rebrandly will automatically activate an SSL certificate for each — even if the domain was purchased from another provider. The platform allows you to manage the 404-page redirect and the main domain redirect.

UTM and link parameter builder

Urchin Tracking Module (UTM) parameters are used by marketers to track the effectiveness of online marketing campaigns across traffic sources and publishing media. Rebrandly lets you create UTM parameters, and even more advanced parameters, in a fast and efficient way.

Puma, the well-known shoe and sportswear brand, uses Rebrandly’s parameter builder across all their marketing and affiliate teams in order to build trackable and measurable links that interact directly with their business intelligence tools.

Link routing

Dynamic link routing lets you send your audience to different destination URLs based on factors like the date, language, and user location. Lamborghini, the luxury car company, shares dynamic branded links on their social media using Rebrandly. The person who clicks on the link is redirected to specific content based on their location.

Link retargeting

Link retargeting involves inserting your retargeting pixel code – be it Facebook, Google, Twitter, or otherwise – inside of a short link so that anyone that clicks on the link is added to your retargeting pixel. With Rebrandly, you can “fire” a retargeting pixel directly within a link, whether it points to your website or not. Learn more

Deep linking

This allows brands to route traffic to a mobile application installed on a user’s phone. This advanced feature improves mobile user experience and increases conversion rates. Telecom companies like ThreeMobile use this feature especially when they send mass SMS communications.

Workspaces and roles

With Rebrandly, it’s possible to create unlimited workspaces with various role profiles and access levels for individual employees. Saint Gobain, a French multinational corporation with offices in 67 countries and over 170,000 employees worldwide, uses Rebrandly to give global departments the freedom to create custom short URLs organized by nation. Employees can share branded links for portfolios, product catalogs, documents, email signatures, and business cards. They’ve also widely adopted the solution for showcasing their various products.

Are you using generic short URLs or branded links?

Or, just as importantly, could your customers be using branded links to support their marketing efforts? You can start by getting creative with the TLD options you pitch to your customers, introducing them to the use cases of branded links, and, perhaps, integrating with Rebrandly to offer them a link-management solution.

Avoiding COVID-19 Cyberattacks with Security Best-Practices

April 28, 2020

Advice, Featured, SSL

Like

security lock and credit cards on keyboard

Most of us that work in Tech are familiar with security best-practices, but for many people, including your customers, being thrust into working remotely and conducting more daily activity online can bring with it security risks. Now is a great time to support your customers with tips on how to stay secure online and avoid COVID-related cyberattacks.

We’ve partnered with one of our trusted Security providers, Digicert, to provide you content that can be easily recycled and shared with your customers.

Staying safe online, during COVID-19 and beyond

The ugly reality is that cybercriminals will exploit any vulnerability they can find. During the COVID-19 pandemic, many people are increasingly active on social media, email, apps and SMS (texting) as we look to stay connected with one another and alert to new information. Some malicious parties are taking advantage of this by using these technologies as a means to distribute malware. Often, these scams involve fraudsters impersonating healthcare officials or organizations.

What can you do to stay safe?

1. Be suspicious of emails and messages about COVID-19 by:

Inspecting the subject line and sender. If you don’t know the sender, or the subject line seems odd, don’t open the message and most importantly, do not click on any links.
Subject lines about a cure or vaccine for COVID-19 are most definitely scams. Don’t open the message.

2. Look for common signs of fraudulent emails. These include:

Poor grammar or spelling
Poor design
Unreliable contact information
No Terms and Conditions provided
Deals that seem too good to be true
Suspicious forms of payment (like sending money to a random PayPal account or paying with cryptocurrency)

3. Don’t download unknown email attachments

For example, the map below — made to look similar to a legitimate map created by Johns Hopkins University — was circulated by scammers via email. The map often included links to malicious sites disguised as official communication.

4. Get familiar with known scams related to COVID-19

The Canadian Anti-Fraud centre is keeping an up-to-date list of known scams, and we encourage you to check for similar resources being provided by your local government.

5. Keep your browser up-to-date and watch for security indicators

One easy way to protect yourself is to ensure you’re using the latest available version of your browser. We also recommend checking that the websites you are browsing are encrypted with SSL.

Digicert has a great guide on how to identify authorized sites. This is particularly important if you are providing any kind of personal information or making a financial transaction.

6. Always check for additional trust indicators

Asking yourself a few of the following questions can help you better determine whether a website is trustworthy:

Do they have Terms and Conditions or a return policy listed?
Do they have a secure site seal?
Are there grammar and spelling mistakes?
Do they have reviews?
Do they have a social media following?
Is there contact information listed in case you need to get in touch with the company about your order?
If you arrive at a website via a link contained in an email, take extra care sure to make sure the site you’re on is the company’s official website – not an imposter.

Questions like these do not guarantee that a site isn’t a scam, but they are helpful guides in determining whether or not you should trust a site.

The reality is, it’s impossible to completely safeguard against online threats. But just like handwashing and social distancing offer a basic line of defence against COVID-19, the best-practices outlined above will help protect you and minimize risk online during these challenging times.

Make Money Selling .ORG

March 18, 2020

Advice, Fun, Industry Insight

Like

Missed our .ORG Webinar? We’ve got you covered. Below you’ll find a recording of the live presentation as well as links to the downloadable .ORG Toolkit and Webinar PDF.

Watch the .ORG Webinar

Download your .ORG resources

Download the PDF presentation

Download the .ORG toolkit

The Importance of Authentication in SSL

July 23, 2019

Advice, SSL

Like

Update: Our latest Digicert Webinar covers the importance of authentication in SSL, and how it’s a key factor in properly marketing and selling certificates:

Browsers have evolved to offer a better user experience and greater attention to security. Perhaps most importantly, they now display a security warning to users when they land on a website that lacks encryption:

This is a step forward to a safer Internet, but encryption is only part of the security equation.

Without a means to verify the owner of that website, the user can’t be sure who they are sending their information to.

When SSL certificates were first introduced, they served both these critical purposes:

1. Encrypting the data in transit

2. Authenticating the website to which the data is being sent

They were issued by a small handful of Certificate Authorities (CAs), accredited and compliant third parties able to provide both encryption and authentication of your website.

But as the Internet grew, so did the number of CAs in the market, and the variety of SSL options. And what was the main differentiating factor among these certificates? The level of authentication they provided.

Today, SSL products range from free “encryption-only” certificates, which can be registered in a matter of minutes, to Extended Validation (EV) SSL certificates, which, as their name suggests, involve a thorough validation (authentication) process as part of their registration.

When choosing an SSL certificate for your site, or helping a customer select one for theirs, your main question should be: what level of authentication do I need? After reading this blog, the answer will be clear.

Minimal Authentication: Domain-Validation (DV) Certificates

DV certificates are often described as “encryption-only” because they don’t provide confirmation of who the website owner really is. To register a DV certificate, the website owner simply needs to prove ownership of the domain name(s) they are trying to secure.

Think of a DV certificate like a library card: they are easy to obtain and aren’t considered a credible form of identification.

When to use a DV certificate

These certificates are sufficient if you’re securing a page just to maintain browser compliance (and avoid those warnings), or if you’re hosting a site that purely provides information and you want it done securely.

Basic Authentication: Organization-Validation (OV) Certificates

Before issuing an Organization-validated certificate, the Certificate Authority vets the organization and individual applying for the certificate. If a website visitor chooses to view the OV certificate, they’ll find this verified company information included in the details.

You can think of an OV certificate like a driver’s license: obtaining one involves a bit more hoop-jumping, but they are better trusted as a form of identification.

When to use an OV certificate

If you collect any basic personal information from your users, for example, login credentials, they’ll likely want to know who they are sending this information to. An OV certificate from a reputable CA may provide sufficient authentication and assurance in these cases.

However, Extended Validation certificates (see below) are often a better fit for e-commerce pages or business-critical sites where consumer trust is particularly important.

Advanced Authentication: Extended-Validation Certificates

Extended-validation (EV) certificates involve the most rigorous authentication process and, consequently, provide the highest level of assurance to website visitors.

What’s more, as mentioned above, they do this in a very obvious way: a green address bar that includes the name of the company. Finally, the CA Browser Forum, the SSL industry’s governing body, sets specific guidelines to govern the registration and authentication process for EV certificates.

These factors combine to make EV certificates the gold standard, and the assurance they provide becomes ever more essential as the average Internet user becomes savvier and security standards rise.

Continuing with our analogy, EV certificates can be thought of as passports: they are internationally recognized as the most trusted way to verify a website owner’s identity.

When to use an EV Certificate

We recommend using an EV if you’re looking to establish a high level of consumer trust or collecting sensitive information, which could range from login credentials to national identifiers, to credit card information. While not all browsers treat EV certificates the same way, for users, the additional visual cues can inspire trust and confidence to proceed with the transaction or activity.

Looking to better market your SSL lineup?

Our partners at DigiCert have some great resources to help you educate your customers and help them find the right fit. Through your partnership with us, you have access to an array of brands and certificate types to help make sure you properly meet the needs of your specific customer for their specific project. You can view our SSL offering here.

This post was sponsored by DigiCert, an Enom partner, and leading Certificate Authority.

Advice
Category

Increase Domain Sales with Branded Links Integration

What is a branded link?

Why you should use branded links