Background
Many companies have employees, suppliers, consultants, or old accounts with far more access than they need — sometimes long after they've left.
Questions to ask yourself
- Who can access our customer data, financial data, and core systems?
- Do former employees still have active accounts?
- Do suppliers have admin-level access they no longer need?
- Are staff sharing passwords?
- If something goes wrong, can we tell who did what?
What you can do today
Clean up access this afternoon
Three checks that take 30 minutes.
- 01Microsoft 365: Admin Center → Users → Active users. Cross-check every name against payroll.
- 02Look at your most important shared inboxes. Who has “send as” or delegate access?
- 03Send one email to every external supplier with access: “Tell me which accounts your team has, and when each was last used.”