Managed IT
Our IT Guy Quit. Now What? A Survival Plan for Western PA Small Businesses
A version of this conversation happens in our inbox every couple of months. The voicemail is short. "Our IT guy just quit. We have no documentation, no passwords, nothing. Can you come look at our network this week?"
If you are reading this because you just got that two-week notice, take a breath. Then keep reading. The first 72 hours matter more than the next 90 days, and there is a specific sequence that gets you out of this without losing data, locking yourself out of your own systems, or paying a ransom you did not see coming.
This guide is written for the owner or office manager of a 5 to 50-person business in Western Pennsylvania (or one of the bordering counties in Ohio, West Virginia, or western New York). It assumes you are not technical. It assumes the person leaving was either your one in-house IT person, the office manager's nephew who has been "helping out," or a part-time contractor whose name is on every admin account in your environment.
What happens to a small business when the IT guy quits?
The short version: every shared account, every admin password, every SaaS subscription, every cloud backup, and every domain registrar login that lived in one person's head is now a security risk and an operational risk at the same time.
The longer version, in the order it usually unfolds:
Day one, nothing feels different. The Wi-Fi still works. Email still flows. The accounting software opens. The owner thinks, "we have time to figure this out."
Week three (so, a week after the IT person actually leaves), the first thing breaks. Usually it is a printer driver, a Microsoft 365 license renewal, or a backup that quietly failed and now shows a red icon nobody can resolve. The "we have time" feeling evaporates.
Month two, the real damage shows up. A phishing email gets through because nobody is reviewing the security console. A vendor bills the company for a SaaS the business stopped using two years ago because the renewal autocharged a credit card linked to the former IT person's email. The cyber liability insurer sends a renewal questionnaire and nobody can answer the questions about patch cadence or MFA enforcement.
The goal of the first 72 hours is to lock down the bleeding so you have a real choice about what comes next, instead of being forced into whatever happens to you.
What information do you need to recover in the first 72 hours?
Before the IT person walks out the door (or, if they already did, before their accounts get disabled at the SaaS vendors they were managing), you need a list. Print this. Hand it to the person leaving. Get it back signed.
The list:
- Domain registrar login (GoDaddy, Namecheap, Network Solutions, etc.). This is the single most important credential in your entire business. If you lose it, you lose your email and your website at the same time, and recovering it takes weeks.
- Microsoft 365 or Google Workspace global admin credentials, plus the recovery email and recovery phone tied to that account.
- DNS provider login if it is separate from the registrar (Cloudflare is common).
- Website hosting login (Vercel, WP Engine, GoDaddy hosting, AWS, whatever).
- Server admin credentials (Windows Server local admin, Active Directory admin, any line-of-business server like accounting, EHR, PMS, CAD file server).
- Firewall admin login and the model number.
- Wi-Fi admin login (the SSID router, not the guest password).
- Antivirus, EDR, or RMM console login (Huntress, SentinelOne, ConnectWise, Datto, N-able, whatever shows up on the screen).
- Cloud backup login (Datto, Veeam, Carbonite, Backblaze, etc.) plus verification that backups are actually completing.
- All SaaS admin accounts: accounting (QuickBooks Online, Sage, NetSuite), payroll (ADP, Gusto), CRM (HubSpot, Salesforce), document management, e-signature, password manager.
- Phone system admin (RingCentral, 8x8, Nextiva, on-prem PBX).
- The password manager itself (1Password, Bitwarden, LastPass). If the company has one, that is your master inventory. If it does not, that is the second priority after this list.
If your IT person used their personal email for any of these, that is the highest-risk item on the list. Personal-email recovery routes (the "I forgot my password, send a link" flow) all go to an inbox you do not own.
Once you have the list, change every password and update every recovery email and phone to a company-controlled email and a company-controlled phone before the departure date. Yes, the IT person will be inconvenienced for their last week. Yes, do it anyway.
For a real-world scope check: a 22-person manufacturing shop in the Shenango Valley typically has between 35 and 60 distinct accounts on this list. A 15-person accounting firm in Butler usually has 70 plus, because the regulated software stack and the tax-prep platforms multiply quickly.
Should you hire another in-house IT person, or switch to a managed IT services provider?
This is the decision every owner faces in week three, after the dust settles and the printer driver is fixed.
The math, plainly:
A full-time, mid-level IT generalist in Western Pennsylvania currently costs $65,000 to $85,000 in base salary, plus 25 to 30 percent in benefits and payroll taxes. Call it $85,000 to $110,000 fully loaded. That is one person. They take vacation. They get the flu. They eventually quit. And for a 15-person business, they are underused 60 percent of the time, because there are not enough hours of actual IT work to fill 40 hours per week. So they fill the rest with side projects, "researching new tools," or sitting at a desk waiting for a ticket.
Managed IT services (the model where one company handles all of your tech as a flat monthly fee per user, also called an MSP) for the same 15-person business typically runs in the range of $1,500 to $4,500 per month all-in, depending on the depth of service. That number covers a team of 4 to 15 technicians, after-hours coverage, the monitoring and security tooling, patch management, vendor management, and a vCIO (a virtual chief information officer who reviews your roadmap quarterly).
The unsexy truth is that almost every business under 50 employees is better served by the MSP model. The crossover point where an in-house IT team starts to outperform a good MSP is usually 75 to 100 employees, and even then most companies keep the MSP for after-hours coverage.
The exception is regulated industries with very specific compliance requirements (HIPAA for medical and dental practices, PCI for retail and restaurants, financial-services rules for accountants and law firms). Those businesses still benefit from an MSP, but they should pick one that has worked inside their regulatory regime before, not a general-purpose shop.
How long can you safely operate without dedicated IT support?
In our experience, about three weeks before something breaks, and about six weeks before something breaks badly enough that the owner stops sleeping.
The three-week mark is when the first patch cycle gets skipped. Windows pushes a quarterly update, Microsoft 365 changes a permission, an antivirus license renews on a defunct credit card, and nobody is watching. None of these are catastrophic on their own. All of them together create the gaps that ransomware operators look for.
The six-week mark is when a real incident lands. The most common scenarios we see in Mercer, Lawrence, Butler, and Crawford counties: (1) a phishing email gets through and an employee wires money to a fake vendor (averaging $42,000 in the small businesses we have triaged), (2) a workstation gets encrypted by ransomware and the backup is two months stale, (3) an email account gets compromised and the threat actor sits in the inbox for weeks reading invoices before redirecting payment to their own bank.
If you are heading into one of those windows, the priority order is straightforward: lock down the password list above, enable MFA everywhere it is not already on, verify your backups are actually running and actually restorable, and get someone reviewing your security console. Those four things take about 10 hours of focused work and they buy you the time to make a real decision about long-term IT support.
What does a Western PA managed IT services provider actually do for a 15-person company?
The honest version of the service list, without the marketing puffery:
- Monitor every workstation, server, firewall, and switch 24 hours a day. When something goes red on the screen, a real person looks at it. Most issues are fixed before the owner notices.
- Patch every operating system and every common application (Microsoft, Adobe, Chrome, the line-of-business software) on a defined schedule. Not when the user clicks "remind me later" for the fifteenth time.
- Run the antivirus, EDR, and threat-hunting tools. Review the alerts. Investigate the false alarms. Escalate the real ones.
- Manage the cloud backup. Verify it ran. Verify it can actually restore. Run a test restore quarterly so you know the backup is real and not a folder full of corrupted files.
- Handle Microsoft 365: license counts, mailbox migrations, MFA enforcement, SharePoint permissions, Teams policies. Most companies pay for licenses they are not using and are missing licenses they need.
- Help the team. Onboarding a new employee (laptop, accounts, training) takes 90 minutes and is done before their first day. Offboarding (accounts disabled, data preserved, license freed) takes 30 minutes and is done by 5pm on their last day. Both should happen with one email from the office manager.
- Quarterly review with the owner: what we did this quarter, what is on the roadmap next quarter, what regulatory or insurance changes are coming, what risks need attention. This is the part most break/fix shops never offer because hourly billing punishes the conversation.
For a financial-services firm or accounting practice (where MCR Business Tech Solutions does a lot of its work in Butler and Lawrence counties), the service list also covers cyber-liability questionnaire support, tax-season uptime planning, and IRS-grade data retention. For a manufacturer in the Shenango Valley, it covers shop-floor PC reliability, ERP uptime, and CAD workstation performance. The framing depends on the business, but the underlying work is the same set of tools applied with judgment.
What should you do this week if your IT person already gave notice?
Three things, in this order.
One, complete the credential inventory above. Get the list signed before the IT person's last day. If they have already left, this becomes a credential-recovery project instead of a credential-transfer project, and the order of operations changes (the registrar is the highest priority because it is the slowest to recover).
Two, get a second opinion from someone who is not selling you an in-house IT hire. Most MSPs in Western PA (including us) offer a no-cost IT assessment that walks the credential inventory, the security posture, the backup state, and the licensing inventory. A real assessment takes 60 to 90 minutes, results in a written report, and does not require a signature on anything. If the assessor leads with a quote before the assessment, walk away.
Three, decide on a model (in-house or MSP) within two weeks. Do not let this drift for two months. The drift is what creates the incidents.
If you are in Mercer, Butler, Lawrence, Crawford, Erie, Allegheny, Washington, or Westmoreland county (or in Trumbull, Mahoning, or Columbiana county in northeast Ohio), MCR Business Tech Solutions handles managed IT for businesses in your size range. Call 833-859-9021 or request an IT assessment. The first call is a conversation, not a sales pitch. Whether you end up working with us or not, you will leave the call knowing what your next step is.