What Happens When an Employee Leaves? Email, Files, and Access

Why This Matters

Employee departures are normal. Poorly handled departures create risk. Email, files, access, devices, shared passwords, cloud storage, and business relationships can all be affected when someone leaves.

The goal is not to assume wrongdoing. The goal is to protect the business, preserve what matters, and avoid losing access to important information.

1. Email and Cloud Files Need a Plan

Mailboxes

A former employee mailbox may contain customer communications, vendor records, contracts, attachments, project history, or evidence relevant to a later dispute.

OneDrive and SharePoint

Files may be stored in the user’s OneDrive, shared through links, or spread across SharePoint libraries and Teams. Ownership and access need to be handled carefully.

Retention

Deleting or changing accounts too quickly can make it harder to find business records later. Retention and preservation should be considered before cleanup.

2. Access Should Be Removed Without Losing Business Data

Business Continuity

The business may still need access to email history, files, shared documents, vendor records, and customer communication after the employee leaves.

Security

Access should not remain open longer than necessary. Former employee accounts, remote access, shared passwords, and vendor portals can all become security risks.

Documentation

It should be clear who handled the departure process, what access was changed, what devices were returned, and whether any data needed to be preserved.

3. Everyday Users Should Not Have Administrator Rights

Why It Matters During Employment

If an everyday user account has administrator privileges, routine work carries more risk. Malware, unauthorized software, or accidental changes can cause more damage when run with elevated rights.

Why It Matters During Departure

If a departing employee had unnecessary administrator access, the business may need a broader review of what systems, devices, data, and settings could have been affected.

Least Privilege Is Safer

Users should generally have the access required to do their job, not broad administrator access by default. Elevated access should be limited, documented, and handled by authorized personnel.

4. Devices Should Be Preserved When There Is a Concern

Do Not Reassign Too Quickly

If there is any concern about data theft, deleted files, or disputed activity, the device should not be immediately wiped or reassigned.

Device Activity May Matter

Relevant evidence may include recently opened files, USB device activity, browser downloads, cloud sync folders, remote access tools, deleted files, and local user activity.

Coordinate With Legal or Management

When a departure may lead to a dispute, legal counsel or management should decide whether preservation is needed before normal cleanup occurs.

5. Offboarding Should Be a Business Process

Not Just an IT Ticket

Offboarding affects payroll, HR, legal, customer relationships, vendors, physical keys, software subscriptions, cloud access, and devices.

Known Process, Less Panic

A clear process reduces missed accounts, forgotten devices, lingering access, and lost business data.

Review High-Risk Departures Separately

Some departures require extra care, especially when the employee had access to sensitive files, client lists, financial data, administrative tools, or confidential business information.