Locked Out for Five Days

The hidden cost of a single compromised account

Locked out for five days sounds like something that only happens to careless people or dramatic headlines.
In reality, it happens to organized, competent adults who run real businesses and have calendars full of meetings they actually show up to.

It starts on a normal morning.
Inbox open.
Password rejected.

You try again. Slower. Still no.
You assume it’s muscle memory failing you, because surely it can’t be anything else. You click reset without thinking. Then you wait for an email that never arrives.

That’s when things shift.
Not into panic, but into a strange quiet. A mental buffering wheel.

Because the problem is no longer the password.
It’s the access.
And access, it turns out, is everything.

The instinct to “just keep going”

At first, you keep moving.

You open other apps.
You message colleagues from whatever still lets you in.
You tell yourself this is temporary. Minutes, maybe an hour.

You don’t want to overreact. You definitely don’t want to bother anyone.

So you do what capable people do. You try to solve it quietly.

This is also the moment most security incidents get worse.
Not because of bad intentions, but because helpful instincts kick in before clarity does.

What actually breaks in the first few hours

By lunchtime, small cracks start to appear.

  • Your CRM feels oddly distant
  • Deals you were actively working on feel frozen
  • Client notes are suddenly inaccessible

A deliverable that should have gone out smoothly is delayed.
Not because the work isn’t done, but because the final step lives behind the account you can’t reach.

You send polite messages about a “temporary issue.”
You keep them light. Calm. Professional.

Inside, you’re doing quiet maths.
How long can this reasonably go on?

The part no one really talks about

Being locked out isn’t just technical.
It’s personal.

You replay decisions.
You wonder whether you clicked something you shouldn’t have.
You hesitate before asking for help, even though you’d never judge someone else for the same thing.

You’re still working.
But with one hand tied behind your back.

And the effort it takes to look normal is exhausting.

Why Day One is the most dangerous

By the end of day one, nothing dramatic has happened.

  • No alarms
  • No ransom notes
  • No public fallout

And that’s exactly why it’s dangerous.

The damage at this stage is subtle.

  • A delayed reply
  • A missing attachment
  • A meeting that feels slightly off

Brand credibility doesn’t disappear in one loud moment.
It softens at the edges.

Clients may not say anything.
But they notice patterns.

Trust rarely breaks.

“But we thought we were protected”

Most small and mid‑sized businesses believe they’re covered.

  • They use reputable platforms
  • They have multi‑factor authentication turned on
  • They assume they’d know immediately if something serious was happening

These beliefs aren’t naïve.
They’re normal.

The gap isn’t effort.
It’s expectation.

Security systems are designed for calm days.
Incidents happen on busy ones.

The uncomfortable truth about MFA

Multi‑factor authentication works.
It really does.

Until it becomes background noise.

People get used to approving prompts.
Attackers know this.

They don’t rely on clever hacking.
They rely on timing.

One prompt approved while distracted, tired, or rushing between meetings can be enough.

Recovery is the bigger blind spot.

Most teams know how to log in.
Very few know what happens if they can’t.

  • Who controls the admin account if email is down?
  • Where are backup codes stored?
  • Who has the authority to say “stop” for ten minutes?

Days Two to Four: managing around the problem

By day two, you’re no longer fixing the issue.
You’re managing around it.

Work continues, but awkwardly.
You explain situations more than you should have to.
You answer questions with partial context.

By day three, fatigue sets in.
Not the dramatic kind.
The quiet, grinding mental load of constantly checking, rerouting, and wondering what else might have been touched.

By day four, the noise drops off.
Which somehow feels worse.

Silence leaves room for imagination.

On Day Five, access finally comes back

When access returns, often around day five, the relief is immediate.

But so is the realisation.

Nothing catastrophic may have happened.

  • No money lost
  • No data splashed across the internet

And yet, you feel different.

Because you’ve just learned how much of your business lives behind a single account.
And how exposed that really is.

The moment that actually saves businesses

Incidents aren’t saved by heroics.
They’re saved by calm.

The single most important move when something feels wrong is this:

Pause. Then lead.

Say it out loud:

“We may have a security incident. Pause and wait for instructions.”

That sentence does something powerful.

  • It slows people down
  • It stops frantic clicking
  • It gives permission to stop being “helpful” in dangerous ways

One calm voice can reduce more damage than any tool.

Secure the master key first: email

Email is the master key.

If someone has access to your email, they can reset almost everything else.

Order matters.

  1. Change the email password
  2. Enable multi‑factor authentication everywhere
  3. Check forwarding rules, recovery emails, and unusual sign‑ins

Then move outward to accounts that move money or data:

  • Banking
  • Accounting
  • Cloud storage
  • CRM
  • Payroll
  • Business social media

A simple rule helps:

If losing the account would stop the business, protect it first.

Don’t rush to “fix” devices

Devices trigger instinctive reactions.

The urge to wipe and move on is strong.
But containment comes before fixing.

If a device might be involved:

  • Disconnect it from the network
  • Stop using it
  • Don’t reset it yet
  • Label it clearly so no one touches it

Evidence feels theoretical until you need it.
Preserving it keeps options open.

Write it down. Even if it’s messy.

Documentation doesn’t need to be polished.
It needs to exist.

Rough notes are enough:

  • What systems were accessed
  • What data might be exposed
  • Whether clients are involved
  • Whether money moved
  • When it likely started

Writing things down anchors reality when emotions start rewriting the story.

Communicate like a professional

Communication follows the same principle as response.

  • Calm
  • Factual
  • Brief

This is what happened.
This is what we’ve done.
This is what we’re doing next.

Over‑explaining and speculating erodes trust faster than honesty ever will.

The quiet truth worth saying

A cyber incident is not a sign you failed.

It’s a sign you’re running a real business in a connected world.

What matters isn’t perfection.
It’s preparedness.

The businesses that recover fastest aren’t the most technical.
They’re the readiest.

They know who leads.
They know what to secure first.
They know when to stop clicking and breathe.

The only question that really matters

Not “are we secure?”

But this:

If your email went down right now, would your team know the first three steps?

If the answer is no, that isn’t a flaw.
It’s an opportunity.

Calm can be designed in advance.
Readiness doesn’t have to be complicated.

It just has to make sense to real people, on real days, when things feel uncertain.

© Copyright 2025 Avensystech