When an employee leaves and nobody knows every account they had, that is not just an offboarding problem. It is an onboarding problem that has been waiting to show up.
Richmond businesses often add access quickly because the new person needs to get productive. That makes sense in the moment. The trouble comes months later when permissions, shared mailboxes, cloud apps, vendor portals, and line-of-business systems were never documented.
How onboarding creates future risk
Every new hire creates a trail of access. Microsoft 365, email groups, shared drives, accounting software, CRM tools, remote access, building systems, and vendor portals can all become part of the job.
If that access is granted through one-off requests, copied from another employee, or shared through old passwords, the business loses track fast.
What clean onboarding should include
- A role-based access checklist for each position.
- Clear approval before giving access to sensitive files or financial systems.
- Separate named accounts instead of shared logins.
- Documented equipment, licenses, groups, and applications.
- MFA enrolled before the first day of real access.
- A manager who owns changes when the employee changes roles.
This is not bureaucracy for its own sake. It is how your managed IT process keeps access from turning into a guessing game.
Offboarding should be boring
A good offboarding process should not require panic, memory, or detective work. When someone leaves, you should know what to disable, what to preserve, what to transfer, and who confirms completion.
That includes email forwarding, shared mailbox access, OneDrive files, Teams ownership, line-of-business apps, VPN accounts, mobile devices, and vendor accounts. If your business uses cloud services, this cleanup matters even more because access can persist from anywhere.
The role-change problem
One overlooked risk is the employee who does not leave. They just move to a different job. If old permissions are never removed, people collect access over time.
That is how a normal account slowly becomes more powerful than intended. It also makes audits harder and increases the damage if that account is ever compromised.
A practical access cleanup for Richmond businesses
- List the systems each role should have.
- Compare current users against that list.
- Remove stale accounts and old group memberships.
- Check shared mailboxes and delegated access.
- Review admin rights separately from normal user access.
- Repeat the review quarterly or after major staffing changes.
Hoola helps Richmond and East Central Indiana businesses build cleaner onboarding, safer offboarding, and better Microsoft 365 access habits. Call (765) 233-2338 or contact Hoola if you want a practical access review.
