Quick question. If someone left your business today, are you 100% sure they no longer have access to your systems?

It is one of those things most businesses assume is sorted. In reality, it is often a bit… hopeful. That is where problems start.

Where Things Start to Slip

When someone leaves, there is usually a solid process in place. Laptop back, handover done, payroll sorted. Job done, right?

Not quite.

Access to systems like email, shared drives, CRMs and finance platforms can easily get missed. Especially when access has built up over time. All it takes is one forgotten account and suddenly someone outside your business still has a way in.

Then there is what is happening in the background. Most businesses do not realise how often their systems are being tested by login attempts from overseas. These are not targeted attacks, they are automated and constant. If there are no controls in place, a login from the other side of the world can look completely normal. Device access is another classic. Staff using personal laptops or phones to check emails or download files. It feels convenient, but it comes with zero guarantees around security, updates, or protection. Even when security is in place, it is often patchy. Multi Factor Authentication on email but nowhere else. A bit here, a bit there. Attackers love that.

Why It Matters

Cyber attacks are not always sophisticated. Most of the time, they are just opportunistic. Attackers look for the easiest way in.

An old account that was never disabled. A password that has been reused. A device that has not been updated. One small gap is all it takes. When something does happen, the response is often “reset the password and hope for the best”. Unfortunately, that is rarely enough. It does not check for anything else that might have been left behind.

What You Should Be Doing

Nothing here is overly complicated, but it does need to be consistent:

• Make offboarding a proper process, not an afterthought
• Remove access as soon as someone leaves
• Turn on Multi Factor Authentication everywhere, not just email
• Keep an eye on login activity and flag anything unusual
• Make sure devices are updated and actually staying updated
• Only allow approved, company managed devices to access your systems

Simple steps, done properly.

How Three Cherries Can Help

Security is not just about keeping the bad stuff out. It is about knowing exactly who has access to what and being confident it is under control. If you are not completely sure, you are not alone as most businesses are in the same boat. At Three Cherries, we specialise in cybersecurity for small businesses and can advise where gaps may be. From this, we can assist your business in rectifying these areas. Need some help? Get in touch. At Three Cherries, we take the gamble out of business technology