for maximum security on your domains, consider adopting some or all of the following best practices:

-Use registration features like Registry Lock that can help protect domain name records from being changed. Note that this may increase the amount of time it takes going forward to make key changes to the locked domain (such as DNS changes).

-Use DNSSEC (both signing zones and validating responses).

-Use access control lists for applications, Internet traffic and monitoring.

-Use 2-factor authentication, and require it to be used by all relevant users and subcontractors.

-In cases where passwords are used, pick unique passwords and consider password managers.

-Review the security of existing accounts with registrars and other providers, and make sure you have multiple notifications in place when and if a domain you own is about to expire.

-Monitor the issuance of new SSL certificates for your domains by monitoring, for example, Certificate Transparency Logs.