When we see headlines about data breaches, they are often about big, corporate entities, in which hundreds of thousands, or even millions of personal identities and financial profiles have been exposed. According to Symantec, the number of publicly disclosed data breaches continues to rise. But these “mega breaches” aren’t the only thing security experts are worried about. There is also the specter of small,unreported data breaches.

Small- and medium-sized companies are also at high risk of data breaches. While the payoff to cybercriminals may be smaller, they are still tempting targets because their security is usually less robust than an enterprise’s. It is likely that with all the mega-breaches occurring, far more small-scale breaches are going unreported. A business owner may not realize they’ve been hacked, or may feel embarrassed that they have been targeted. For many, it may simply be that they don’t know what to do when they’ve been attacked.

There are many ways that small businesses can protect their data, and we’ll continue to promote thesepreventive measures whenever we can. But those that aren’t taking these precautions are opening themselves up to attacks needlessly. Victims are often bewildered in the wake of a data breach; this isn’t a daily occurrence for most people. Fortunately, there are experts who deal with these issues regularly, which is why every small-business owner should at least be aware of the incident response industry.

Incident response services help their clients recover as quickly as possible from data breaches. They identify what data has been exposed, collect and preserve evidence for the investigation, and then secure systems from future attacks. Whereas a small organization may not be able to retain a full-time team to proactively maintain a secure IT infrastructure, incident response services can be brought on reactively, as needed. Fortunately, there are many providers out there, each with their own portfolio of services, specialties, and pricing structures. Researching your options is something you ought to be doing now, rather than in the wake of a data breach, when you’ll probably have many other things on your mind.

Prevention is almost always going to be the most cost-effective solution to securing your online data. But in the constant arms race between cybersecurity and cybercriminals, even those that have protected themselves might become the target of an attack. If that ever happens to you, be sure you have a preferred incident response service in mind. It may not be a call you ever want to make, but in the flurry of activity that follows a data breach, it’s good to know that there is someone that you can call.

We’ve talked before about general tips to keep your domains and account information safe from hackers and cybercriminals, and those topics—password strength, current email, account validation—are still relevant to protect sensitive information. That said, there is still one source of personal information you may not have considered: your domains’ Whois record.

Every domain contains a Whois record, which includes information about the registrant like name, phone number, physical address, and email address. It does NOT record any financial or payment information. International rules for the governance of domain names requires that this information be collected every time a domain is registered. If you’d like to see an example, we have a Whois lookup feature to see what any domain’s record contains.

The Whois record does have a useful purpose; it gives users the ability to contact a site’s administrator with any complaints, questions, or suggestions. Some may even want their information publicly available as a form of business advertisement. But for many, the security of their information may be the overriding factor.

Even if you aren’t worried about identity thieves, there’s another reason you may want this information kept private. Direct mail and telemarketing firms sometimes use information from Whois records to add to their contact lists. If you’re getting direct mail, spam email, or intrusive text messages or calls, some of that may have originated from your domain’s Whois record.

Fortunately, all of these above effects have an easy solution that we call ID Protect. For a nominal fee, this annually-renewable service effectively hides any personal, identifying information about you, the registrant, and replaces it with general contact information for us, the registrar. Any inquiries made about your domain are forwarded to you, without any of your information being revealed to third parties.

Note that not all domain extensions can be protected by ID Protect because some registries require the information to be collected and made available. But many of the most popular TLDs qualify. So how do you check the status of your domains?

Checking and Adding ID Protect

Log in to your account dashboard and click on the “Manage Domains” link. You should see a list of your domains, with several columns to the right of each one.

In the ID Protect column, you’ll see various icons indicating the domain’s status whether it’s already covered by ID protect (green shield), not currently covered (red silhouette), or does not qualify (N/A symbol). If you would like to add ID protect to a domain, check the box to the left of the domain, and click on the drop-down menu labeled “LIST ACTIONS” in the lower-left corner.

Scroll down to “Add ID Protect” and then hit the “Go” button. Follow the onscreen instructions to complete the purchase of this service.

Who to ask for help?

As easy as adding ID Protect can be, it never hurts to ask for help, that’s why we offer several ways to get it. You can go to our Help Center, read the ID Protect FAQ, or call us at (425)-974-4689. When you’re ready,add ID Protect to all of your domains.

So, you’ve registered a domain. You could always build a website or set up a custom email address with it, but let’s say you’re not quite ready to use it this way. One of the easiest things to do with domains is “redirect” them.

Do you have a Facebook page? Or maybe a Twitter or Instagram account? If you do, you may have had a hard time telling your friends how to find you. “W, w, w dot Facebook dot com slash spell your first name dot spell your last name one two three four.” You might get through half of that before you give up and say, “Just go on Facebook and search for me!”

But what if you could just say “(Your name) dot com” and have it go straight to your Facebook page. Wouldn’t that be cool?

Websites and domains aren’t “stuck” together permanently

It’s easy to think of a website and domain as one in the same, but that isn’t always the case. True, when you type in “www.google.com” you’re always going to go to Google’s search page, but if they really wanted to, Google could point “www.google.com” at any other page they wanted.

The same thing is the case when you register a domain. Don’t think of the domain as your house, think of it as the signpost that directs people to your house. Once you own that signpost, you can point, or “redirect” it to different websites. So yes, it is possible to point your domain to your Facebook page. Better yet, if you ever get tired of Facebook, you can change it to lead people to something else. You might point a domain to your LinkedIn account or online resume. Maybe you have a small business you’d like to start promoting. Domains aren’t locked into any one site, you’re free to change them whenever you want.

Now, you may have tried registering (your name).com and found that it was already taken, especially if you’re just going by your first name. Fortunately, there are now many more ways to end your domain than dot com (called top-level domains, or domain extensions). Try (your name).SOCIAL, (your name).ROCKS, (your name).NEWS, (your name).GURU, (your name).SITE, (your name).WORKS, or any one of hundreds of other possibilities. You can get started by searching for any domain you want, we’ll even list several different domain extensions if the one you want isn’t available.

So, you want to point your domain somewhere else, now what?

The beauty of redirecting domains is how quick and easy it is to do. Just sign in to your account and go to “My Dashboard.” Find the “Manage Domains” link and go to that. Click on the domain you would like to redirect, and go to “Host Options” on the next page. In the first two fields (www and @), change the Record Type to “URL Redirect” and type in the address you’d like to point to in the next box. Hit save, and the domain should be redirecting to the new address shortly.

Who to ask for help?

As easy as redirecting can be, it never hurts to ask for help, that’s why we offer several ways to get it. You can go to our Help Center, to search for answers, get instant answers from the Help tab you should see on the right side of our homepage, or call us at (425)-274-4500.

What to ask?

Ask specifically how to “redirect” your domain to a different site. Be sure to have the following information on hand:

• Which domain you want to redirect
• The address of the website you want to redirect it to