A salesperson leaves a Brantford trades company on good terms. Three months later, the owner discovers the former employee still has access to the shared customer files, the email account and the cloud storage. No one ever switched anything off. This is not a hack; it is a gap in process, and it is far more common than most owners realise.

How you bring people in and how you let them go has a direct bearing on your security. Two straightforward checklists eliminate most of the risk.

The onboarding checklist: start people off right

When someone joins, the instinct is to get them productive as fast as possible, which is entirely reasonable. Cutting corners on the initial setup, however, plants both headaches and security gaps that surface later.

A sound first-day routine covers several points. Create accounts under each person’s own login rather than a shared one. Grant access only to what the role genuinely requires, and nothing beyond it. Configure email, the computer and any applications with proper security in place, including multi-factor authentication, a second login step such as a code sent to the employee’s phone. Walk the new hire through your ground rules, from not reusing passwords to recognising suspicious email.

The guiding principle is least access: give people exactly what the job demands and no more. A delivery driver has no need of the payroll system, and a new front-desk hire needs no administrative rights across the business. Drawn tightly, that boundary keeps the damage contained if an account is ever compromised. Performing the process identically each time spares you unpleasant surprises, which is why many businesses fold it into managed IT services, so every new hire receives a clean, consistent setup without the owner having to recall each step.

The offboarding checklist: close every door

Offboarding is where most businesses stumble. On the day someone departs, their access should end. Not the following week. That day.

A clean exit looks like this:

• Disable their accounts and change any shared passwords they knew.
• Suspend email access, then forward or archive important messages.
• Remove them from cloud storage, applications and any remote access.
• Collect company devices such as laptops and phones.
• Transfer their files and customer contacts to the appropriate person.
• Cancel any software licences you no longer need, which also trims cost.

Speed matters most with anyone who left unhappy. A disgruntled former employee holding live access is a genuine threat to your data and your clients, and a written checklist ensures nothing is overlooked even on a hectic day.

Why a written process beats memory

The reason files stay open and accounts stay active is rarely complicated. Someone intended to handle it and forgot. When the steps exist only in your head, things fall through. A short, repeatable checklist for each event removes that exposure. You can build one yourself or rely on a partner who tracks access on your behalf. To find out whether stale accounts are lingering in your business right now, a quick free IT assessment is a sensible starting point, and you will find further practical guidance among our IT management articles.

FAQ

How fast should I cut off access when someone leaves?

The same day, ideally during their final hour. The longer an account remains active after someone has gone, the greater the risk. For anyone leaving on poor terms, act immediately.

What’s the biggest onboarding mistake small businesses make?

Granting new hires more access than they need, often by sharing a single login. It feels convenient on day one but creates security and tracking problems later. Separate accounts with appropriate access resolve it.

We’re a small team. Do we really need checklists?

Yes, arguably more than a large company does. Small teams seldom have a dedicated IT person, so steps get missed. A simple written list ensures nothing slips, even when you are stretched.

Can someone else handle this for us?

Certainly. We can manage onboarding and offboarding as part of your IT support, so accounts are set up and shut down correctly every time.

If old accounts or untidy setups in your business concern you, get in touch with RockIT Fuel Tech and we will help you build a process that protects you.