Ghost Access: The Door Nobody Closed
We were helping a new client offboard an employee who was leaving. As part of the cleanup, we checked whether older accounts had actually been closed out properly. One hadn't - for four years.
The account that looked clean
A former employee had left the company back in 2021, during the tail end of COVID. On paper, everything looked handled: email shut down, laptop returned, VoIP account disabled, mobile credentials revoked. Then we tried calling his old office extension - just to confirm it was actually dead.
Three rings, then a stranger answered
After three rings, it forwarded to someone who hadn't worked there in four years. He now runs business development at a competitor. The phone system had quietly kept doing exactly what it was configured to do, long after every other system had been properly shut down.
Not because anyone was careless, but because no one owns the entire stack.
Where these gaps actually hide
Even in businesses that handle offboarding well, things still slip through - not because anyone is careless, but because no single person owns the entire stack of systems a departing employee touched. Shared Dropbox or Google Drive folders, QuickBooks and financial tools, Zoom, CRMs, shared inboxes, admin panels and API keys, VPN or internal WiFi, and VoIP apps still connected to a personal phone all live in different corners of the business, managed by different people, if anyone.
Whose job is it, actually?
Offboarding isn't only IT's job. It involves HR, operations, and leadership too. But unless someone owns the process end to end and follows a real checklist, cracks get wider every time someone leaves. This case wasn't malicious - it was just a quiet door that never got closed, sitting open for four years before anyone thought to check.
A proper offboarding checklist that covers every system - not just the obvious ones - is the difference between a clean exit and a ghost that shows up years later.
