Company Domain Name Held Hostage Prevention Strategies

(December, 2014)

Lack of care in setting up a company's domain name empowers somebody besides the company to control the domain name, thus imprisoning the company's website and locking out any efforts to update or manage the website.

Lesson Learned

Here I am writing, NOT from expertise, but from the experience of having lived through an amazing series of events that drove me to learn about this subject firsthand.

For those people who do not have a clear understanding, a domain name is the name that appears in a website address. For example, in … https://www.google.com … the domain name is … google.com …. Any company that has an internet address has a domain name. Amazingly, however, some companies do NOT have ownership and control of their own domain names and associated websites.

I have witnessed the operation of such a company, where a subordinate director established the domain-name account in his own name. He listed himself as owner, administrative contact, and billing contact for his company's domain name. He (NOT the company), therefore, owned this domain name. Consequently, when he later resigned under adverse circumstances, not only did he remove his physical person from the company, but also he removed the company's control of its own domain name. As a result, NONE of the current company employees (including senior managers or even the CEO) could gain access to the company's website control panel for purposes of updating and upgrading the site.

A fired subordinate director was now the only person who knew the user name and password for an account where he had established the company's domain name, which was the SAME place that hosted the company's website [BIG MISTAKE]. Sadly, the particular company here under discussion (a non-profit) NEVER regained control of its original domain name, which included the exact name that the company had used for over 50 years to brand its service to the community. This company also NEVER regained control of its original website, because this same former subordinate director held both the domain name account and the website hosting account for ransom – for money that he erroneously claimed that his former employer owed him.

Imagine a person completely locking you out of your own website, because you neglected the most basic task of taking ownership of it to start with. As unlikely as it might seem, this situation happens with surprising frequency.

Dire Consequences

During a time of extreme financial crisis, this non-profit that I mentioned abruptly ceased operations and went out of business, partly because it lost its website and its ability to make planned improvements in customer service that might have helped save it.

Preventing Domain Name Imprisonment

Here are my suggestions:

• ONLY the owner of a FOR-profit company should handle the company domain-name account, and ONLY the COMPANY NAME should appear on the line of the registration form that records domain-name ownership. This means that ONLY the company owner should set up this account in the COMPANY NAME, and ONLY the company owner should know the user name and password to this DOMAIN-NAME account.
• If more than one person invests in company ownership, then all owners should know the user name and password for the company's domain-name account. If one owner sells out, then the remaining owners should then agree to change the domain-name account password.
• The elected company owner should set up the domain-name account through a domain-name service provider, and then set up a TOTALLY SEPARATE account through a TOTALLY SEPARATE website-hosting service provider. This means that the domain name account exists with one service provider, and the website hosting account exists with a second (SEPARATE) service provider. One account handles ONLY the domain name, while a second account handles ONLY the actual website content. In this way, the company owner can always POINT the company's domain name to any place where any tech person might create the company website. Learning to do this is no more difficult than managing a bank account. Worst-case scenario, if a company loses its website to a hostage taker, then the company maintains the upper hand by still controlling its domain name, which it can point to a newly created website, if the hostage taker forces this.

Non-profit Companies

By definition, a non-profit company does NOT have owners. In this case, I suggest that the duty of managing the company’s domain name falls on the Chief Executive Officer (CEO), who accepts his/her office appointment under a clear agreement establishing principles of domain-name stewardship and legal grounds for a breach, if the CEO should fail to abide by these clearly stated principles and associated responsibilities.

Part of a non-profit CEO’s duties, then, would be to learn the relatively simple steps of managing and pointing the non-profit’s domain name. Again, this is no more difficult than setting up and managing a bank account. A person who is incapable of learning or who indicates incapacity to learn these basic steps should NOT be in the position of CEO. Pointing a domain name to the proper website usually involves merely getting the website’s IP address from the person who created the website, filling in a few blanks on a submission form, and clicking “submit”.

Wording Of The Agreement

Wording of a clause in a non-profit CEO’s agreement to hold office might include something like this:

" … agrees to receive the company domain name account password from the previous CEO, to change the previous password to a new password that ONLY he/she knows, to manage the company domain name with utmost care by insuring the proper legal use of it as it applies to the company website, to learn the steps of properly pointing the company domain name, and NOT disclose the company-domain name account password to anyone else except to a successor to the CEO position."

The company lawyer might develop this wording according to the proper standards for a particular non-profit company.