Mergers and acquisitions (M&A) are commonplace in business, and have been increasing among companies around the globe in recent years. In fact, in 2017, more than 50,000 M&A deals were announced worldwide[1], exceeding $3 trillion in activity[2].
Typically, one of the following will result from an M&A between two companies (listed as A and B):
- A combined brand – “Brand AB” is formed
- A new brand – “Brand C” is formed
- An assimilation – “Brand A” persists, “Brand B” ceases to be used
- Status quo – both “Brand A” and “Brand B” persist, usually for a limited time until “Brand B” is assimilated.
In the first three cases, “Brand B” is dropped after an M&A, and sometimes, its digital assets—such as domain names, websites, social media profiles, and emails—are dropped along with it.
According to a recent article published by CSO Online, researchers attempted to understand the impact old domain names by re-registering merged or acquired companies’ expired domains and setting up email servers, thus testing the dangers of letting an old domain expire. Soon after, the researchers began receiving an influx of emails, including confidential information like bank correspondences, invoices, sensitive legal documents, and LinkedIn updates.[3]
Email is often a critical component of a business’s daily operations for communication and registering accounts on online services, with the domain name serving as the basic foundation for an email.
Without actually hacking into a company’s systems, a re-registered domain name gives the new registrant instant access not only to emails, but also the ability to reset passwords to accounts, like management or financial portals, databases, and social media, and compromise the business through phishing attacks, data leaks, social engineering, and more.
One can reinstate an old web shop to take new orders and payments without actually fulfilling them and take over email marketing accounts to conduct phishing campaigns. Many users will even reuse old passwords, and just one compromised account can lead to further third-party breaches on other accounts.
An abandoned corporate domain name often carries a “footprint” of activity that can be leveraged as an attack vector. A logical knee-jerk reaction to this revelation and the associated threats is to retain and renew every single domain name, just to be safe.
However, companies do not need to be held hostage and unnecessarily succumb to amassing larger and larger portfolios. CSC employs a holistic, four-step digital optimization framework to review our client’s digital assets, including auditing and rationalizing their domain names portfolio for better management, and their return on investment.
One of the biggest challenges our clients face is not just in listing all the assets they own, but also in identifying which are the most vital domains to their company. This challenge is compounded in the case of an M&A when different departments take over existing accounts, or employees leave the company, often with the knowledge (and passwords) to what are the most critical domains and other digital assets for the business. When companies are not aware of the full extent of their digital footprint, they risk abandoning the domains that matter.
To help companies, we have launched the CSC Security Center—using our advanced proprietary algorithms, to be the most comprehensive domain security solution on the market. It informs our clients which domains are their most vital, removing the guesswork from the process. This ensures that decisions on renewals are carefully considered, as well as data-driven, to allow for “right-sizing” and budgeting, and that critical domains are never abandoned due to lack of oversight.
This first-of-its-kind platform was built to expose security blind spots associated with your core, business-critical domains, allowing you to take quick action against real-world online threats that can compromise web presence, customer data, and critical business functions, such as email. There is a better way, and CSC Security Center is it
[1] https://hbr.org/2017/12/what-the-big-mergers-of-2017-tell-us-about-2018
[2] https://www.ft.com/content/9f0270aa-eabf-11e7-bd17-521324c81e23
[3] https://www.csoonline.com/article/3300164/hacking/dont-abandon-that-domain-name.html