Yatra.com down for 2 days due to delay in domain renewal

SHRIRAM GOKTE)

Newspapers reported that the travel web site Yatra.com was unavailable over the weekend from August 9th and came back on August 11th ( “Yatra.com’s inactive site impacts sales” The Hindu August 12, 2013). During this period users could not access yatra.com and instead were redirected to a generic domain registrar’s page with the message “domain has expired”. It is understood that the outage was due to its domain name expiring on 9th August 2013.

The website was unavailable for business and losses of around Rs. 20 – 30 crore in sales have been estimated by the media; after all it is one of the most widely used travel booking website in the country. In addition to the direct losses, there could also be reputation issues.

The domain name was renewed after 2 days on 11th August 2013 and web site came back online. The learning from this incident is that this is a key risk that often gets ignored. The consequences could be serious ranging from lost business to someone else appropriating the expired domain name. We suggest that risk managers consider website risks as one of the strategic risks and not just an IT risk.

Here are few takeaways to manage this very important risk.

• The domain name registrars require at least two contact names & their contact details (administrative & technical) so that renewal or other emails can be sent. These should be current at all times otherwise renewal mails may go to the wrong email addresses or to people who have left the company. Most companies (ex Yatra) have kept one name from IT for both administrative & technical contact. It is suggested that two separate individuals be mentioned, one of which could be one of the key executives such as CIO, CTO, COO or even the CEO so that registrar’s mails will get the right seriousness.

• The IT department should keep a list of all its domains and their renewal details. Domain names are assets and should be protect like other assets in the company. Expiries should be tracked along with other services, software, contracts renewals.

• All other risks connected with domain name & website should be included in the risk assessment and controls evaluated. Audit and other internal controls functions should get involved in auditing the controls.

Other Services of Interest

  • Legal Compliance software - Partnership Announcement

    Riskpro is pleased to announce that we have partnered with LexComply to offer legal compliance software solutions to our clients. To learn more about legal compliance software that we have to offer...
  • Information Security Policies - Full Set

    Riskpro has put together a complete documentation toolkit for ISMS /ISO 27001 framework. To purchase this work template based toolkit, please send an email to info@riskpro.in.
  • SSAE 18 - SOC Audit and Attestation Services

    Riskpro's unique approach to SSAE engagement is sustained value addition to your business. Our readiness services enable you to remediate the control gaps in an efficient manner that not only help to...
  • SSAE 18 - SOC Audit and Attestation Services

    Riskpro has been providing SSAE 16/ now SSAE 18 and other information security services for over two years. Here are some of the major benefits our clients are experiencing. Benefits of SOC Audit...
  • Cybersecurity Checklist - NIST Framework

    Riskpro has developed a cybersecurity checklist based framework to perform a self assessment of cyber risk preparedness. Please email info@riskpro.in to obtain more information on this.
  • Risk Management for Corporates

    Banks are often seen in the forefront of any risk management discussion and it is often perceived that Risk Management is synonymous with Banking. But this is not entirely true. It is true that Banks...
  • Go to top