5 July, 2023


On 15 June 2023, auDA CEO Rosemary Sinclair spoke to Jenn Donovan on the Small Business Made Simple Podcast about how small businesses can get the most out of .au and enhance their cyber security practice. 

Jenn Donovan: Rosemary, I can't tell you how excited I am to have you on the podcast today. You have a really interesting subject for us to talk about, but I'm going to let you in. Say hello to the audience, introduce yourself and tell us a little bit about yourself, if that's okay.

Rosemary Sinclair: So sure, again, I'm really pleased to have this opportunity to chat with you. The problem is that I really like my subject matter, so you might need to stop me at some stage. So, I'm giving free rein to say “that's fabulous Rosemary, we need to get on with the conversation”. Because what I do as the CEO of auDA, which stands for the .au Domain Administration, is I run that part of the internet for Australia that really enables people to find the information that they want to send emails to the people that they want to get in touch with to offer business products and services to customers from where they are all around Australia. Ah, so domain names, the bit of the internet that enables all that to happen and we try to do that really quietly so that nobody ever has to think about whether the domain name system is working properly or securely, and we try to do it really efficiently. So, if someone's got a great idea and wants a domain name, they can get that through our registrar channel really, really easy easily.

So that's really the nub of it. We can go on and talk about how we represent Australia's interests in global internet discussions. We can talk about the use of the internet in regional Australia, some fabulous work that we've been doing, supporting grants for amazingly innovative uses of the internet. There's all sorts of things we can talk about.  Let me stop there before I really get going! 

Jenn Donovan: So, Rosemary, how did you get into this? So, my audience may not have ever heard of auDA. And I know previous to pressing the record button, I was saying it's not something that had ever come to my mind until five or six years ago when I started buying up domains. And I guess, you know, looking at what that meant and who actually regulated that and that sort of thing. So where's your history with it? How did you come to be the CEO of auDA? 

Rosemary Sinclair: Well, it's a surprisingly long history when I think about it. I worked in the telecommunications industry for many, many years and was really privileged to see the roll out in Australia, firstly of mobile phone services and then secondly of what became broadband services, which of course…

Jenn Donovan: So, were you involved in CDMA? All those years ago?

Rosemary Sinclair: I was, I was, with that very important and tricky switch off of CDMA services and moving over to 3G. Ah, and in those discussions, the importance of communications to regional and rural communities, in particular, was very, very clear and that just strengthened over the years that I stayed involved. I moved to policy work, but still in the telecommunications world.
I then moved into the media world for a time and watched the disruption of the media sector through new technologies like streaming services and podcasts, such as we’re doing today. I spent a little time in the education sector and same, watched the transformation of that sector because of technologies. A little bit of time in the energy sector, and similarly, that sector is being transformed because of digital technologies.

So, when the opportunity to take up the role of CEO of the .au Domain Administration, or auDA, came up, I could see the potential to do some really interesting and important work to meet the needs of a really quickly evolving and much more innovative economy. And that's what attracted me to the role. I see my role as running auDA as quietly and efficiently possible so that nobody needs really to worry about any of that and can just get on with what they actually want to do, which is not worry about what auDA is doing.

Jenn Donovan: Yeah. Okay. Goodness. Yes, you have had a long history and I'm sure that you well, you have a book inside you, all the things that you've seen and done and heard. I'm sure you should document at some stage at least. Now for my listener, I just wanted to make a distinction straight up. So recently and I think as recently as mid to late last year, a new domain of .au became available. So you could not drop the .com, and you could just have jenndonovan.au. So, I just want to distinguish for my listener that that's not auDA, that’s not the ‘.au’ that you're talking about. You're talking about the country code that has existed since we started getting websites, as in com.au. Can you tell us a little bit more about that or explain that to my listener? Just so that they know the difference. 

Rosemary Sinclair: Yeah. So, the first thing I want everybody to do is to put a pyramid in their mind. So mind view of the pyramid and at the top of the pyramid is .au. And that is the country code for Australia. It's like .uk for United Kingdom, .fr for France, .nz for our friends across the ditch. So in the country code we have different name spaces. So we have .com within .au, so com.au for businesses. We have org.au for organisations, community type organisations, charities and the like. We've got net.au as a different sort of offering. Within .au domain at the top of the pyramid, we’ve even gov.au and edu.au. So, we've had different types of names within the .au family ever since .au emerged, which was in the late nineties.

As we saw the economy evolving to be much more entrepreneurial and innovative, ah, and this was through a process, a long conversation of consultation with stakeholders, it became clear that it was becoming increasingly difficult for people to fit into the rules that governed whether you could get a com.au name. And there was a need to meet this more innovative entrepreneurial spirit with a new name space, and we call it .au direct. That means that if you're a grown up business and you’re registered with ASIC and you're into that degree of formality, you can quite happily meet the requirements for jenndonovan.com.au. Now, if you’re Jenn Donovan and you've just got this wild mad idea for a podcast for small business across Australia, but you're not yet fully grown up and registered with ASIC etc. etc., then now you can come and get a domain name jenndonovan.au and start your business.

And we're thinking over time that people might go on a bit of a journey because there is value in a com.au. Consumers in Australia really value com.au names. And so you might be on your journey as a small business owner might get to a point of thinking well I do want to register my business and take that next step in formalities and so I'd like to get the com.au. But your computer folks can link those two names so that one can point to the other without having to set up whole new websites and the like. So that’s how .au as a namespace, fits into the big pyramid of .au the country code. 

Jenn Donovan: Yeah. Okay. Beautiful. Thank you for distinguishing that. Yes, it's hard on a podcast to make people imagine a pyramid, but I think you did a really good job at that. Yeah. So that's really interesting. I guess these days you can get all sorts of endings: .online, .store. I think I even saw the other day you can get .xyz. Who would want xyz? But anyway, there was all these different dots. But what is, what is the value of a com.au? Like, you know, I know you were talking previous to taking the record as to, you know, small businesses realising the value that they have. Can we go down that path? 

Rosemary Sinclair: Mmm. For sure. And if I can just firstly unpack the names .com, .org, .shoe, .bank, as well as country codes, these are what are called generic names. And you can a .bank, in any country in the world, but you can only get a .au, if you have provable connection with Australia and that has real value because of the preference that Australian consumers and users of websites and emails place on that .au.  Which is a whole story in and of itself. Why that value is there. But I would just like to make the point before I get into the value story, Jenn, it's not commonly known, but Australia, the .au is the 10th largest top level domain in the world and the seventh largest country code domain in the world. So it's the typical story of Australians. When they get a piece of technology that makes a difference and works, then they take it up in great style. And that's what's propelled us to being amongst those, those very top numbers. Which is just fantastic for Australia and reflects our approach to innovation and technology.

But getting back to the value that is being created by small businesses, one of the things I was saying to you when we were just chatting, is that I don't think that Australian small businesses realise that as they work to create value in their businesses, by providing great products and services and terrific customer service and meeting the needs of their customers and so on and so forth, they are actually building value also in the domain name. And the domain name is licensed to small businesses, so you have to keep paying the license fee. But if you do, then when you get to a point of wanting to realise value in your business, the value that you've created over the many years, I want people to really take a moment to talk with their accountant advisor about what value there might be. Separately from the chairs, the tables, the stock, the cars, all the rest of it, what value there might be in the domain name.

It's important that you keep renewing the domain name, so that it's yours, but there's value there. And it ah, part of it is the products and services, and the customer service. But as well, research that we've done, shows quite clearly that Australian consumers reach for a website or email addresses that end in .au first, because they know it can be trusted. And we've got global proof that .au is a highly trusted domain. And it relates directly to the way we run the domain. The rules that we apply and the operational practices that we apply. But there's value there because there's trust there, which is of course a known business equation, but it applies to domain names as much as anything else.

Jenn Donovan: Yeah, that's yeah. And I think if anyone is listening to that and you watch your own search habits, you know that that is true. Like I know I'm looking for the .au for a few things. You know, when people have a .com and I go to their ‘About’ page and I still can't work out whether they're Australian or whether they're not Australian, it kind of like, I'll just look for someone else or this person isn't for me, type of thing. Because I can't work out who they are or what that type of thing. They haven't been able to build that trust with me. I do that often, I guess maybe more often than most people because of my podcast. I'm always getting, you know, I probably get up to ten people email me a day, asking if they can come on my podcast and I do some research on them. Since I only take Australian guests at this point. You know, are you Australian, are you not Australian? And you know you they haven't got the .au on the end, then I have to spend some time doing some investigation. So absolutely.  

Rosemary, you said a couple of times there at the start that you like to operate quietly, so that, you know, people don't necessarily need to know what auDA is doing or what they're not doing, because the system just works. But what would be a situation where someone would reach out to auDA direct? Like what sort of consumer or business situation would that look like? 

Rosemary Sinclair: Ah, a couple of examples that I can think of. And when I say we do our work quietly, our work consists of three main buckets. The first is making sure that .au operates securely, reliably and stably. So that when people are trying to use the system, it's always there to meet their needs. We have the numbers are quite amazing, but something like 60,000 inquiries to .au websites or emails every minute. It's really a very high level of activity on our on our system. So we're really concerned about security and stability, number one.

The second thing we worry about all the time is compliance with our rules and fair and proportionate administration of the licensing framework. So that's where people can make inquiries of us. They can also go to their registrar, the people who sold them the domain name in the first place. We do a lot of work with our registrars to make sure that they are absolutely up to date with our licensing framework, our rules and our approaches to checking, for example, that someone has a connection to Australia and therefore can get a .au.

And then globally we take part in all the conversations about how the domain name system is run and how it works together, how it's interoperable across all the different types of domains. So someone sitting here in Australia with a .au domain name can get to a website in France, or can get to a website in the UK, in the blink of an eye, is really our preference in terms of speed, getting there without any glitches or bumps. But as well as all of that, we want to make sure that people get to the right website. The website they really want, and not a fake or deceptive website. And similarly, we don't want Australian websites being used by criminals or fraudsters to misdirect consumers. So there's a whole body of work, called domain name system abuse, and we're on the front foot in terms of trying to prevent that sort of abuse. We've got one of the very lowest levels in the world of domain name abuse. And so we work with law enforcement agencies and government agencies to protect Australian consumers from bad behaviour and bad actors. 

Jenn Donovan: Mmm, okay. I think that's really interesting. That is four very big pillars to sort of be covering for sure. That was a really interesting point you brought up about security. Is there anything a small business owner could be doing to keep their domains that they're paying for every year more secure or at a good security level? 

Rosemary Sinclair: Yeah, there are. And I, I think of them as four sectors and this is not rocket science. For all the important security nerds that are out there Jenn, keeping us all safe, at the Australian Cyber Security Centre and the Australian Signals Directorate, and in other places, those folks are working really hard.  Down at the individual level and this applies to auDA as a small business, so it applies to everybody else. There are four things you can do.

You can make sure that people are using and being really careful of passwords. The latest development there is to use a passphrase, so some little sentence that is meaningful to you that will be harder to crack for anybody else.
And when people say you need to have a, you know, a 20 character password, ordinary people like me go, I'll never remember 20 characters. But if my 20 characters are ‘the ocean is blue#’, then I can remember that. But at 20 characters, it's much harder for someone else to figure it out. So that's what we mean by passphrases. So that's number one. 

Second thing is to find some training or materials for people to read, and train your people. So at auDA we do a monthly two and a half minute, to two and a half minute sessions. It's not very long, not very time consuming, but it really gets the message across to all of us, including me, about how terrible it would be if someone hacked into our website and caused damage to our reputation or our customers. Or if we inadvertently gave away information by responding to what might look like legitimate requests from the CEO to transfer money to pay this bill urgently. Anything like that, just pause and think really, would that be going on? So training people, people is the next one. 

Third one involves working with your people to make sure that your systems, the software systems that you're using are up to date. Because any little out of date element of software, it can be used by bad actors to worm their way into a website and then present a legitimate website to the world for illegitimate purposes. So staying up to date with software is really important. And every time and IT person comes to fix a computer or do anything, just get them to check that all of your systems are the latest up to date systems. Because all of the systems are adding on security elements to deal with the kind of world that we're in. And the last thing is to make sure that all your partners, your third party providers are being as careful about security as you are being about security. Because if you're working closely with someone who's not taking care of passwords, people and patching, then they can be the back door into your systems. 

So those are the four things: passwords, people, patching and third parties. And anyone can think about those things. It's as I said, it's not rocket science. It's not frightening. Sometimes I find the jargon that our computer whizzes use, it’s just it's frightening. You think I can’t understand that and therefore I'm not going to do anything about it. But, you know, thinking about it the way I've described it, anyone who's running a small business is more than capable of dealing with those four elements.

Jenn Donovan: Yeah. Great. Thank you for all those tips, Rosemary. This has been such a great conversation. I've still got so many things I'd like to ask you. But two things just before we finish up, if that's okay. auDA has a membership program. Can you tell us a little bit about that in case some of my listeners are interested in knowing a little bit more about that?

Rosemary Sinclair: Yeah. And the first thing I'm going to say about that Jenn, is that it's complimentary. It's absolutely free to be a member of auDA and there's a very good reason for that. We're supposed to be doing what we do every day for the benefit of Australians. And so it's really important for us to understand what Australians think might be in their benefit, and for us to stay really close to our stakeholders. And our membership program is one way of doing that.

So we provide a lot of information to our members, there would be cyber security tips, there would be opportunities to come to webinars, there's weekly newsletters. There's a range of simple, easy to access information that can help anybody with a domain name. We ask our members to let us know what they think about particular things that we're consulting on, issues that we think are important. We ask our members every couple of years what they think about what we're doing and is there anything else we could do to help people? And of course, our members have a very important role formally at our AGM, in terms of electing directors and telling us what they think about how we've been going. We've got a very high degree of transparency about the way we run .au, because we're running it for the benefit of Australians.

So just go to auda.org.au, and you'll find information about membership. As I say, it's completely complimentary. We just love people to join in our work and be part of what we're doing on their behalf. 

Jenn Donovan: Beautiful, thank you for that. And the other thing that you mentioned at the very start that I just wanted to dive a little bit deeper. I'm not sure how deep you can go, but you mentioned that you were doing some really innovative things, supporting some innovative people through grants and things like that. What can you tell me a little bit about that without perhaps giving away someone's IP of what they're up to? But yeah.

Rosemary Sinclair: Yeah, no, it's it's a program we run that was started some years ago, under the auDA Foundation, we now call it the auDA Community Grants Program. And we go out around about August, September each year and let everybody know that we've got the capacity for 15 grants of $40,000. And we're interested in grassroots ideas about what people could do with that money to innovate with the internet or to develop some useful application of the internet.

So we have funded such interesting work, one piece of work that we're particularly proud of, although our contribution was limited in that case to $40,000, was the Council of Small Business Organizations of Australia have been doing some work on what they call a Cyber Wardens Program. What they say is that everybody knows about fire wardens and most people have got one, or know where to get one, and that's all set up in people's minds. The issue of the moment is cyber security. Let's help everybody to become aware and to put in place cyber wardens in their businesses. So we funded a little pilot with that $40,000 horsepower to do that work that turned into 24 and a half million dollars with funding from the federal government to expand and develop that program of cyber wardens to help small business.

That's one that we're very proud of. Just one more example, if you might indulge me, way down at community end of things. Last year we funded a program to use the internet to provide information for people with disabilities about where there are accessible beaches. And I just particularly love this program because it's a relatively simple use of the internet, but it enables that experience that is so Australian of being able to get down to the beach and be in the sand or in the water, whatever the circumstances might be. But it deals with that terrible problem of you get to the car park and then everyone else can get down to the beach. The person with a disability is stuck in the carpark. I just think it's the most magic example of where we can use the internet to create opportunities and experience and equity for all Australians. And that's what we're all about. The internet, for the benefit of all Australians. 

Jenn Donovan: I love that and I love that someone obviously, see a problem solve a problem. That must have been something that they've seen or were experiences experiencing themselves or within friends or family and they have gone for a solution. That is that's a brilliant example. I love that. Thank you for sharing that. That's great. And I'm sure that my listener is now ticking over thinking, oh, I must go and have a look at what that beach site is, or I'll go and have a look for that. Brilliant. Rosemary, is there anything we haven't touched on that you would like to touch on before we close out today? 

Rosemary Sinclair: I think with your clever questioning, Jen, we've managed to weave our way through all the things that I thought Australians, your listeners, might be interested in understanding about .au and auDA and I guess I'd just like to reassure people that we will just keep going. We'll be running .au quietly, securely, stably. We will be supporting registrars and administering the licensing framework equitably and fairly. We'll be having our voice in the international debates and we'll be really staying in touch with our members to understand the needs of Australians and to try to respond through our own innovation, so that .au remains really contemporary and relevant to what Australians trying to do on the internet.

Jenn Donovan: Yeah, beautiful. Thank you and I will link to the auDA website on, in the show notes and any socials you might have as well. So people can kind of check that out and go and follow along and maybe even, you know, I would encourage people to go and have a look at the membership program as well, because I don't know many small business owners who don't want to know more about how to keep themselves safe. Cyber security like you say is really, really top of mind topic at the moment for lots of small business owners. Rosemary, thank you so much for coming on. You've been a wealth of information and yeah, I've been very curious about auDA. So yeah, really grateful that you came on and gave me your time today. 

Rosemary Sinclair: It's been an absolute pleasure, Jen, and perhaps we will get together again down the track when there are new and interesting things to talk about.

Jenn Donovan: Sounds great. Thank you so much.