The bit nobody talks about
When someone leaves your business — whether they quit, got fired, or just drifted away — most owners shake their hand, wish them well, and get back to work.
What they don't do is check the 11 different places that person still has full access to.
This is one of the most common and preventable ways UK small businesses get hurt. Not by sophisticated hackers. By someone who used to make your coffee.
This actually happened
A Edinburgh recruitment firm lost their entire client database in 2022. No ransomware. No phishing email. No foreign hacker.
Their former sales manager — who left on bad terms six months earlier — still had active login credentials to their CRM system. One evening he logged in, exported every client contact they had, and walked straight into a competitor.
The business lost three of their biggest contracts within a month. The legal battle cost more than the contracts were worth.
The password had never been changed. Nobody thought to check.
Why this keeps happening
When someone leaves, you're dealing with handovers, covering their workload, updating clients, posting the job. Nobody sits down with a list of every system that person touched.
And the average small business employee has access to more than you'd think:
Email account. CRM. Accounting software. Cloud storage. Social media. Website backend. Payment systems. Shared drives. Project management tools. Wi-Fi password. Any personal device they used for work.
That's potentially 10 or 11 active doors left wide open after someone walks out.
The three things to do this week
1. Create a leaving checklist right now — before you need it
Open a notes app and write down every single system your business uses. Email, accounting, storage, social, everything. That list becomes your offboarding checklist. Every departure, every system gets checked. Takes 20 minutes to create once and saves you enormous grief later.
2. Enable login alerts on your critical systems
Most business software — Google Workspace, Microsoft 365, Xero, QuickBooks — lets you turn on alerts for new logins or logins from unusual locations. Turn this on today. If a former employee tries to access anything you'll know within minutes.
Most businesses have no idea this feature exists. It takes three clicks to enable.
3. Change your shared passwords immediately after any departure
Wi-Fi password. Any shared email accounts. Any shared login your team uses collectively. These are the ones that always get missed because they're not personal to anyone — they belong to everyone, so nobody thinks to change them.
One departing employee who knows your Wi-Fi password can sit outside your premises and access your internal network indefinitely.
The quick win right now
Go to your Google or Microsoft admin panel today. Look at active users. Look at who has access to what.
If you see a name that no longer works for you — remove them right now. Don't wait until you've finished reading this.
What this actually costs you
Nothing. Every single fix above is free. The leaving checklist takes 20 minutes. Login alerts take three clicks. Password changes take five minutes.
The cost of not doing it? Ask the Edinburgh recruitment firm.
SafeDesk breaks down exactly this kind of practical, plain English security advice every single week. No jargon. No scare tactics. Just the stuff that actually matters for businesses like yours.
Take our free 2 minute security check here: safedesk-cyberhelp.netlify.app