The Employee Left. The Domain Left Too.

The Business You Think You Own – Part 1

Some of the biggest cybersecurity problems don't begin with hackers.

They begin with helpful people.

Every growing business has one.

The person who knows "computer things." The colleague who volunteers to set up the company website. The marketing officer who says, "Don't worry, I'll register the domain." The cousin who studied IT. The consultant who promises to have everything up and running before the end of the week.

They're not trying to create a problem.

They're trying to solve one.

And because everyone is focused on getting the business moving, nobody stops to ask what sounds like a boring question.

Who will actually own this account?

When you're building a business, ownership is rarely the exciting part.

You're thinking about customers, suppliers, sales, branding, cash flow, staff salaries, and whether UMEME has decided today is another good day for load shedding. A domain registration feels like a small administrative task—just another item to tick off the list before getting back to "real work."

So the website goes live.

Customers start finding the business online.

The email addresses look professional.

Everyone is happy.

The domain quietly disappears into the background, only remembered when someone proudly tells a customer, "Visit our website."

Then life happens.

People get promoted.

People resign.

People relocate.

People discover that another company is paying better.

And just like that, the person who registered the domain is no longer part of the business.

For a while, nothing changes. The website keeps working. Customers continue placing orders. Emails continue arriving. The business carries on exactly as before.

That's what makes this risk so deceptive.

It doesn't announce itself.

It waits.

Then one ordinary Tuesday morning, the website goes offline.

The emails stop working.

Customers start calling.

Someone asks whether the internet is down.

It isn't.

The domain has simply expired.

The renewal reminder was sent to an email address nobody in the business recognizes.

The payment card linked to the account belonged to an employee who left two years ago.

Nobody knows which company the domain was registered with.

Nobody knows the password.

Nobody knows who has administrator access.

The business suddenly discovers something that would have been very useful to know much earlier.

The company owns the name.

Somebody else owns the keys.

The uncomfortable part is that this story is not unusual.

In fact, I suspect many businesses reading this have just become slightly uncomfortable.

Not because their website has disappeared.

Because they are no longer completely sure who owns it.

Convenience is a wonderful thing.

It helps businesses move quickly.

It helps startups get off the ground.

It helps small teams achieve big things.

It also quietly creates risks that nobody notices until years later.

"We'll change it later."

"Use your email address for now."

"Just use your debit card. We'll sort it out later."

Later has a habit of becoming five years.

Before anyone realizes it, the business has built its entire online identity on an account registered using someone's personal email address, personal phone number, and personal payment card.

The business pays for the website.

The customers trust the website.

The brand grows around the website.

But the ownership quietly belongs somewhere else.

One of the things I enjoy about cybersecurity is that it constantly reminds us that technology is rarely the real problem.

People are.

Or more accurately, people trying to be helpful.

Nobody wakes up thinking, "Today I'll create a governance problem that will frustrate everyone in 2029."

People simply do what seems practical at the time.

The problem is that practical decisions have surprisingly long memories.

I've often noticed that many organizations have stronger controls around office keys than they do around digital ones.

When someone leaves, Facilities remembers to collect the office keys.

IT remembers to collect the laptop.

Security remembers to deactivate the access card.

HR remembers to collect the staff ID.

Yet somehow nobody remembers to ask a few simple questions.

Who owns our domain?

Who receives the renewal reminders?

Which email address is linked to the account?

Which payment method renews it every year?

If we needed to recover the account this afternoon, could we?

Those questions sound painfully boring.

Until your website disappears.

Then they become the most interesting questions in the building.

The truth is, this isn't really a story about domains.

It's a story about ownership.

The domain just happens to be the first place where many businesses discover they have a problem.

Over the next few weeks, we're going to explore the other places these ownership risks quietly hide. Some are obvious. Others will probably make you look around your office and say, "Wait...who actually owns that?"

We'll talk about Instagram accounts with thousands of followers that nobody can recover.

Canva workspaces holding years of branding that disappeared when the designer resigned.

WhatsApp Business accounts tied to personal phone numbers.

Cloud storage that belongs to former employees.

Recovery email addresses that everyone forgot existed.

By the end of this series, I hope you'll ask a different question whenever your organization signs up for a new digital service.

Not "Who can set this up?"

But "Who will own it five years from now?"

Before you leave today, do yourself one favour.

Find out who owns your company domain.

Not who designed the website.

Not who updates the content.

Not who pays the hosting bill.

Who actually owns the registration?

If answering that question requires searching old emails, calling a former employee, or saying, "I think James knows," then you've just discovered a risk worth fixing.

Because one day, the renewal reminder will arrive.

And that is a terrible time to discover that your business has been renting its own front door all along.

Ownership Check

Before you move on to Part 2, take five minutes and answer these questions:

• Who owns our domain registration?

• Who receives renewal reminders?

• Which email address is attached to the account?

• Which payment method renews it?

• Can at least two people access the account?

• Could the business recover the domain today without relying on a former employee?

If any answer begins with "I think..." or "I'm not sure...", you've found your starting point.