What Happens to IT Access When an Employee Leaves?

/in , , /by

Six months after a member of staff leaves, the login still works. Messages keep landing in an inbox no one reads, and the shared drive shows the same access it did on that final day.

Nobody decided this should happen; it just never got undone, and that is the gap most businesses carry without realising it.

When someone leaves, the energy goes into the handover and the goodbyes. The accounts, devices and permissions they leave behind rarely get the same attention, because nothing visibly breaks when they go.

For SMEs in Bishop’s Stortford and throughout Hertfordshire, managing employee access can easily be overlooked during a hectic week. Treating it as a cyber security and continuity issue, rather than an afterthought, is what closes that gap.

A Former Employee’s Account Is Still a Live Account

The thing to remember about a leaver’s login is that it doesn’t know its owner has gone.

Email, Microsoft 365, the CRM, shared folders, the accounting platform, and the various SaaS tools picked up along the way – all of these stay exactly as functional the day after someone leaves as the day before, unless somebody steps in to change that.

While an account stays open, it remains a route into business data. The exposure usually takes one of a few forms:

  • A former employee continuing to read company email or download files, whether out of habit, grievance or simple curiosity
  • Credentials being reused elsewhere, so a login tied to your systems gets caught up in an unrelated breach
  • An attacker finding a valid account that nobody is monitoring and using it as an easy way in

Attackers tend to look for the path of least resistance, and a live login that nobody is watching fits that description well.

The government’s Cyber Security Breaches Survey 2025/2026 found that the proportion of businesses reporting a breach that led to loss of revenue or share value rose from 2% to 5% over the year, with reputational damage climbing from 1% to 3%.

When incidents do bite, they increasingly cost real money and real standing, and unmanaged access is one of the simpler ways to hand an incident the opening it needs.

The Damage Goes Well Beyond Security

It would be a mistake to file unmanaged access purely under cyber security. The fallout reaches into parts of the business that have nothing to do with hackers:

  • Productivity: Nobody can find the files a leaver was working on because they sat in a personal OneDrive that has since been locked or left untouched
  • Client communication: Enquiries land in a mailbox no one is monitoring, so they go unanswered, and the client assumes you aren’t interested
  • Compliance: Data protection rules expect you to know who can reach personal data and to be able to show that access is controlled
  • Data ownership and lock-out: If a departing salesperson held the only login to a key supplier portal or the only admin rights to your social media, their exit can leave you shut out of your own tools

These are continuity issues as much as security ones. A business that cannot reliably account for who holds access to what is a business carrying hidden operational risk.

Cloud Tools Have Made This Harder, Not Easier

A decade ago, removing someone’s access mostly meant disabling their network account and collecting their laptop. The perimeter was the office. Today it’s far less tidy, for a few reasons:

  • Remote and hybrid working means staff connect from home, from personal devices, and through tools the central IT function may not have set up
  • Microsoft 365, SharePoint and Teams sprawl across shared sites and folders, each with its own separate permissions
  • SaaS platforms get adopted team by team, sometimes signed up for with a work email and a personal password and sometimes on a free tier that never appears on any invoice

The result is that the question “what does this person actually have access to?” has become difficult to answer. It’s that difficulty which is exactly why access control deserves more attention now.

You cannot remove access you don’t know exists, and the modern toolset makes it very easy for access to exist in places nobody is tracking.

Offboarding Is Also a Data Ownership Question

There is a part of leaving that often gets missed entirely, which is making sure the business keeps what belongs to it.

Important emails, working files, client records and shared documents need to be transferred into the right hands before or immediately after someone goes. If that does not happen, the knowledge simply leaves with the person.

Think about what tends to sit only in one place:

  • A half-finished proposal saved to a personal drive
  • The only written record of a client’s specific requirements
  • Running notes on a long negotiation that nobody else has seen

All of it can vanish into a deactivated account or an unreturned device. Treating handover as a data exercise means deciding in advance where a leaver’s files should end up and who becomes responsible for them.

This protects continuity and keeps you on the right side of your data protection obligations at the same time.

Where Proactive IT Support Changes the Picture

The reason access lingers is often because offboarding gets handled differently each time, depending on who is around and how busy the week is.

Proactive IT support closes that gap by making access management an ongoing discipline rather than a scramble at the point of exit. That means keeping a clear view of who has access, managing permissions, and removing access promptly when someone leaves.

At 4TC, we work with businesses across Bishop’s Stortford and Hertfordshire to keep this consistent as teams grow and change so a departure is handled to the same standard, whoever happens to be managing it that week.

The goal is straightforward. When someone leaves, their access should leave with them, and your data should stay where it belongs.

Speak to 4TC to Protect Your Business

Former employee access should not become a hidden security risk.

Speak to 4TC about managed IT support that helps keep your systems, data, and users under control. Get in touch today.

FAQs

  1. Why is employee access management important for SMEs?
    Because an open account is a live account. Strong employee access management means former staff cannot reach email, files or business applications after they leave, which is a core part of IT security for SMEs and a basic expectation under data protection rules.
  2. What are the biggest cloud access security risks when someone leaves?
    The main cloud access security risks are accounts that stay active across Microsoft 365 and SaaS platforms, shared logins that never get changed, and files saved in personal cloud storage that the business cannot see or recover.
  3. How does managed IT support help control access?
    Managed IT support gives you a consistent process for monitoring accounts, managing permissions and removing access when roles change. It also keeps a clear record of who can reach what, so nothing slips through when a team member moves on.
  4. Does 4TC provide cyber security support in Hertfordshire?
    Yes, 4TC offers IT support in Bishop’s Stortford and cyber security in Hertfordshire, helping local businesses secure company data and keep their IT processes consistent as their teams change.