When someone joins, everyone pays attention to creating accounts and granting access. What about when they leave? Account cleanup tends to get pushed to "later," behind handover and final paperwork. That "later" is where the security hole opens up.

Why it's risky

If a former employee's email, cloud files, and remote access are still live, that account becomes an unattended door nobody is watching. Even with no bad intent on their part, if that password leaks anywhere, your whole company is exposed. A large share of real incidents trace back to "an account belonging to someone who already left."

Five things to do at offboarding

  • Block sign-in immediately. On the last working day, disable access across all company accounts at once.
  • Hand off the mailbox. Lock the account, but route incoming mail to a successor or manager so customer inquiries don't vanish into thin air.
  • Reclaim shared access. Move any cloud folders or collaboration tools that were tied to a personal account back under company ownership.
  • Don't forget external services. Clean up anything the company relies on (payments, social, various SaaS) that was logged in under a personal account.
  • Collect and wipe devices. Confirm no company data is left on laptops or phones.

Managed in one place, it takes five minutes

When accounts and access are scattered everywhere, something gets missed at every departure. When you control accounts from one place, like Microsoft 365, both onboarding and offboarding come down to a few clicks. The point is to build a structure where no gap opens up when people change.

What this means for your business

Can you say with confidence that every account from people who left in the past year is fully closed today? If you're not sure, it's worth a check, and worth setting up a process that closes them automatically from now on.