When Key Staff Leave Suddenly: Your IT Emergency Termination Checklist

by Jon Lober | NOC Technology

 

At 8:20 AM, the board president was sick to their stomach. Their executive director had just been terminated – effective immediately. In the heat of the moment, they'd forgotten one critical detail: she still had admin access to everything.

 

The website. The donor database. Email. Bank accounts. Social media. All of it.

 

What followed was a frantic scramble to lock down systems before any damage could be done. It didn't have to be this way.

The Reality No One Wants to Talk About

Most businesses and nonprofits operate on trust. Key employees accumulate access to critical systems over years. That's normal and necessary – until it suddenly isn't.

 

When a termination happens (especially a contentious one), you have minutes, not hours, to secure your systems. The departing employee is likely sitting in their car in your parking lot with full access to everything on their phone.

 

Yet most organizations have no plan for this scenario. They discover what needs to be locked down by frantically clicking through systems, hoping they don't miss anything.

The Hidden Complexity of Modern Access

Twenty years ago, revoking access meant changing the alarm code and collecting keys. Today, a single employee might have:

 

  • Admin access to your website (possibly with the ability to delete everything)
  • Full access to customer/donor databases with export capabilities
  • Email admin rights (including the ability to read anyone's email)
  • Social media admin access (with the power to post or delete your entire presence)
  • Cloud storage containing years of sensitive documents
  • Access to financial systems and bank accounts
  • API keys and integrations that keep your business running
  • Personal devices with cached data and saved passwords
  • Third-party tools subscribed with their email address

 

The average executive has access to countless systems. Can you identify yours?

 

Building Your Emergency Termination Plan

The time to build this plan is now, when everyone is calm and rational. Here's how:

 

Step 1: Document Everything

Create a spreadsheet of every system your key employees can access. For each system, document:
 • Who has admin access
 • How to revoke access (specific steps)
 • Who else can perform this revocation
 • Whether personal devices have access
 • What data could be exported or deleted


This isn't paranoia – it's basic business continuity planning.

Step 2: Implement Technical Safeguards

  • Multi-factor authentication on everything. This gives you more control even if passwords are known.
  • Admin accounts should be separate from daily-use accounts when possible.
  • Use centralized identity management (like Active Directory or cloud-based SSO) where possible. One switch can disable access to multiple systems.
  • Regular access audits. Every quarter, review who has access to what. Remove anything unnecessary.
  • Backup admin accounts that aren't tied to any individual person.

Step 3: Create Clear Procedures

Your termination checklist should include:

 

1. Immediate Actions (first 30 minutes)

  • Disable Active Directory / primary email account
  • Revoke multi-factor authentication tokens
  • Change passwords on shared admin accounts
  • Disable VPN access
  • Wipe company data from personal devices (if MDM is in place)


 2. Urgent Actions (first 2 hours)

 

  • Lock website admin access
  • Revoke database access
  • Change passwords on financial systems
  • Remove social media permissions
  • Disable any API keys or integrations tied to the person


3. Follow-up Actions (first 24 hours)

 

  • Audit all systems for backdoor accounts
  • Review recent activity for data exports
  • Change any shared passwords they might have known
  • Update emergency contacts with vendors
  • Document everything for legal purposes


The Conversation No One Wants to Have

Bringing this up with leadership can be awkward. Try framing it as business continuity planning, not mistrust:

"If any of our key people won the lottery tomorrow and never came back, how would we maintain access to critical systems?"


Or more directly:

"We need to make sure the organization can function smoothly regardless of how someone leaves – whether it's retirement, resignation, or termination."


Special Considerations for Different Roles

IT Administrators pose unique challenges. They often have backdoor access you don't know about. Consider:

  • Having a managed service provider who can override internal IT
  • Regular security audits by outside firms
  • Clear documentation of all admin accounts

 

Executive Leadership often have the keys to everything. Plan for:

  • Board member or trusted advisor who can execute the termination plan
  • Legal counsel familiar with your systems
  • Pre-documented authorization for emergency actions

 

Financial Staff require extra attention around:

  • Bank account access (work with your bank on protocols)
  • Credit card admin panels
  • Payroll system access
  • Financial reporting tools


When It Happens

If you're reading this because you're in crisis mode right now:

 

  1. Don't panic. Most departing employees don't do anything malicious.
  2. Start with email and remote access. This prevents most immediate risks.
  3. Work systematically through your critical systems.
  4. Document everything you do and when.
  5. Call in help – your IT provider, legal counsel, HR consultant.
  6. Monitor for unusual activity over the next few days.

The Best Security Is Good Management

The ultimate protection isn't technical – it's treating people well so contentious terminations are rare. But when they do happen, being prepared can mean the difference between a rough day and a catastrophic breach.

 

Every organization should have this plan in place. Not because you expect to use it, but because the day you need it is the worst possible time to create it.

 

Start building your emergency termination checklist today. Your future crisis-mode self will thank you.

Note: This post is about IT security and business continuity, not legal advice. Always consult with HR and legal professionals about proper termination procedures and compliance with employment law.

NOC Technology provides managed IT services and cybersecurity solutions for businesses in St. Louis, St. Charles, and surrounding Missouri counties. Need help building your IT emergency plan? Contact us today.

Every Device on Your Network Is a Door. Are Yours Locked?

By Jon Lober February 13, 2026
Endpoint security for Wentzville, MO businesses: why every device on your network is a door, how attackers target endpoints, and what small and mid-sized compan

How to Spot a Phishing Email Before You Click (And What to Do When One Gets Through)

By Jon Lober February 13, 2026
Guide for O'Fallon, MO businesses on spotting phishing emails, using MFA, and building layered cybersecurity so one wrong click doesn't take down the company.

How to Spot a Phishing Email Before It Costs Your Business Thousands

By Jon Lober February 12, 2026
Your employees will get a phishing email this week. Here's how to train your team to recognize the red flags before someone clicks the wrong link.
More Articles