When an employee leaves – voluntarily or not – every minute their accounts remain active is a security risk. Former employees who still have access to email, files, client data, and business systems are one of the most common sources of data breaches in small businesses.
Here’s our offboarding process that locks everything down same-day.
Immediate Actions (Within 1 Hour of Notification)
Identity Lockdown (JumpCloud)
- Disable JumpCloud account (kills SSO access to all connected applications instantly)
- Terminate all active sessions across all devices
- Revoke MFA tokens
- Remove from all groups (access to shared resources cut)
Microsoft 365 / Google Workspace
- Reset password and block sign-in
- Revoke all OAuth app consents
- Convert mailbox to shared (preserves email history for the team without paying for a license)
- Set up email forwarding to manager (time-limited, typically 30-90 days)
- Transfer OneDrive/Drive file ownership to manager
- Remove from all Teams channels / Google Groups
- Revoke mobile device access and initiate remote wipe of company data
Device
- Remote lock via JumpCloud (if device not yet returned)
- Initiate remote wipe of company data
- Remove from Syncro monitoring
- Remove Malwarebytes license
- Remove CrashPlan license (backups retained per policy)
Other Access
- VoIP extension disabled/reassigned
- VPN access revoked
- Line-of-business application accounts disabled
- Building/badge access revocation requested
- WiFi credentials rotated (if shared PSK)
- Shared passwords changed (any the employee had access to)
Within 24 Hours
- Audit all access to confirm nothing was missed
- Review recent file access/downloads for anything unusual
- Document the offboarding completion (compliance record)
- Retrieve and wipe physical device when returned
- Reallocate licenses
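The "audit all access" step above can be run as a script over per-system account exports. This is an added example, not Seashore IT's own tooling; the CSV column names, the sample rows, and the function name are constructed for illustration and would need mapping to whatever each system actually exports.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (hypothetical column names), one row per account.
SAMPLE_EXPORT = """system,user,enabled,active_sessions,groups,disabled_at
JumpCloud,jdoe,false,0,,2024-05-01T09:20:00
Microsoft 365,jdoe,false,2,,2024-05-01T09:35:00
VPN,jdoe,true,0,remote-staff,
VoIP,jdoe,false,0,,2024-05-01T11:45:00
JumpCloud,asmith,true,1,staff,
"""

SLA = timedelta(hours=1)  # the "within 1 hour of notification" target


def audit_offboarding(export_csv, user, notified_at, sla=SLA):
    """Return (system, finding) tuples for everything still open for `user`."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["user"].strip().lower() != user.lower():
            continue
        system = row["system"]
        # Fail closed: anything but an explicit "false" counts as still enabled.
        if row["enabled"].strip().lower() != "false":
            findings.append((system, "account still enabled"))
        if int(row["active_sessions"] or 0) > 0:
            findings.append((system, "active sessions remain"))
        if row["groups"].strip():
            findings.append((system, "still in groups: " + row["groups"].strip()))
        # Disabled, but later than the window: worth recording for the
        # compliance record even though access is closed now.
        stamp = row["disabled_at"].strip()
        if stamp and datetime.fromisoformat(stamp) - notified_at > sla:
            findings.append((system, "disabled later than the SLA window"))
    return findings


if __name__ == "__main__":
    notified = datetime(2024, 5, 1, 9, 0)  # constructed notification time
    for system, finding in audit_offboarding(SAMPLE_EXPORT, "jdoe", notified):
        print(f"{system}: {finding}")
```

An empty result is the evidence to attach to the offboarding completion record; any finding is a same-day action item.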
Why Immediate Offboarding Matters
- Data theft – A departing employee with active access can download client lists, financial data, or proprietary information. Once it’s gone, you can’t get it back.
- Compliance – SOC 2, HIPAA, and CMMC all require timely access revocation. Auditors ask: “How quickly do you disable access when someone leaves?” The answer needs to be “same day.”
- Legal protection – If a former employee misuses data, you need to prove you revoked access promptly. If they still had access a week later, that’s on you.
Voluntary vs. Involuntary
For planned departures (resignation with notice), we can pre-stage the offboarding to execute the moment they walk out on their last day. For involuntary terminations, we execute immediately when HR gives the signal – often while the exit conversation is still happening.
Either way: when they leave the building, their access is already gone.
Need IT help? Seashore IT provides managed IT for businesses with 5-250 computers across the Western US. Flat monthly rate, 30-60 minute response, 24x7x365. Call (833) 997-6886 or email info@seashoreit.com.