At 6:20am, the firm's operations manager tries to log in and cannot. The accounts manager cannot access banking. The practice manager is locked out of payroll. By 8:15am, staff are messaging each other from personal phones because email has stopped working.

A director changed the passwords overnight. No notice. No record. No emergency. When asked, they say it was necessary to “secure the business” and that access will be restored once a few issues are sorted out. No one knows which systems were changed, who still has access, or what happens if that director does not answer the phone.

The day turns procedural. Work slows. Approvals stop. People start guessing which system matters most. The technical act is simple. The control signal is not. One person has turned system access into a source of bargaining power.

Pattern

Operational Leverage

This is what happens when control over systems sits with one person, and no one treats that control as a governance issue.

The password change is only the visible event. The real failure sits underneath it. Access was never mapped. Critical systems were never classified. Emergency change rules did not exist. The firm relied on trust, memory, and convenience.

In smaller firms, this often gets filed under IT. It is not IT. It is authority, continuity, and risk. Once access can be withheld, systems stop being infrastructure and become leverage.

Analysis

The sequence is usually short.

First, access accumulates around one person because they set things up, stayed the longest, or knew the vendor. No register is kept. Shared logins become normal. Recovery details point to a personal device.

Next, tension rises somewhere else in the firm. A board disagreement. A pay dispute. A challenge to authority. System control becomes useful because it is immediate and hard to unwind.

Then the overnight change happens. Passwords move. Multi-factor authentication shifts. Admin rights narrow. The explanation comes later, if at all.

After that, the business enters dependency mode. Staff cannot tell whether the problem is technical or political. Routine work now needs permission. Senior people start taking screenshots, calling vendors, and checking legal positions. Meetings increase because no one can rely on process.

At that point, trust drops faster than access can be restored. The system problem becomes a leadership problem.

Framework: Assess → Align → Act

Assess

List every critical system on one page. Banking. Payroll. Email. File storage. Practice management. CRM. Website. Domains. Cybersecurity tools. Accounting software. Telephony.

For each system, record the admin owner, current users, recovery contact, MFA device, vendor details, and any shared credentials.

Mark which systems would stop the business within one day if access failed. That is your critical list.

Align

Set ownership rules using risk, not habit.

Each critical system needs a business owner and a technical owner. They can work together. They should not be the same single point of control.

Approve dual-control for critical systems. No sole administrator on banking, payroll, core communications, or client data platforms. Emergency access must be available to at least two authorised people. Recovery pathways must point to the business, not a personal phone or personal email.

State the rule in writing: system access is governance, not IT.

Act

Create an access register and review it quarterly. Record every emergency change within 24 hours. Any overnight change to a critical system must be accompanied by written notice, a reason, a timestamp, and a restoration plan.

Remove shared credentials where possible. Move domains, vendor accounts, and recovery settings into company-controlled details. Keep a sealed continuity record for business-critical systems. Test access handover once a year.

Keep the register under company control, review it quarterly, and test it against staff changes so continuity does not depend on memory or personal control.

Tool

30-Minute Access Audit

Write down the ten systems your firm cannot operate without.

Next to each one, answer four points:

· Who is the admin?

· Who is the backup admin?

· Where does recovery go?

· Was the last change recorded?

Any blank space is a control gap.

Why It Matters

A firm can survive a technical failure. It struggles to survive a control failure hidden inside a technical act. When one person can lock everyone else out, the business has confused access with ownership. That raises operational, dispute, and continuity risks simultaneously.

If this matches one of your clients, introduce them to The Unravelling Map™ and put the access protocol in writing before control gets personalised.