Get Started
IT Strategy
field note · IT Strategy

The Unlucky Teacher Problem: Inheriting IT You Didn't Ask For

You did not sign up to run the network. The previous person left. Now it is yours. A survival pattern for the accidental IT owner: first hour, week, month.

Paul Ogier · founder 08 May 2026 6 min read

TL;DR

It happens to teachers, office managers, finance heads, and the new owner of a 14-person business. You did not sign up to run the network. The previous person left, retired, was let go, or went off on stress leave. Now you are it. The Wi-Fi password is in your head and three sticky notes. Read this before you change anything. Survive the first hour, map the estate in the first week, fix the dangerous gaps in the first month.

How does someone end up the “unlucky teacher”?

Never a job advert. Always a Tuesday.

The school IT champion who left. They built the lab, ran the parent portal, held the only admin on the Google Workspace tenant. The principal asked who knew about computers. You answered honestly.

The office manager who is “good with computers”. You set up the new laptops because the MSP took six weeks to call back. You now administer a Microsoft 365 tenant whose global admin belongs to a director who left in 2022.

The new owner of a small business. The handover was a single A4 page. Three passwords do not work. One service is billed to a personal credit card that closed in November.

The staff member who happened to know the Wi-Fi password. A printer. A new starter’s laptop. “Just have a look at the email.” Now you own it.

Not a niche. Most small organisations in the country.

What you actually inherit

A tangle of accounts on personal Gmail. The registrar recovery email is the previous IT person’s leaver inbox.

Passwords on sticky notes. A spreadsheet last edited in 2021. A password manager nobody bought a seat for.

An MSP nobody remembers signing up with. PDF contract from 2018. They invoice monthly and hold global admin on every tenant.

A domain renewal nobody knows about. Auto-renew on a card that may or may not still work. Login on the previous IT person’s mailbox.

Backup software that hasn’t run in 18 months. The console shows green ticks, but the last successful run is from before the file server was migrated. Nobody has tested a restore. Ever.

Antivirus licensed but unconfigured. A firewall whose admin password is the company name plus year of purchase. A cloud accounting platform with four ex-employees still listed as users.

The first hour: don’t break anything

Resist the urge to fix.

Do not change passwords. You will lock out an integration nobody documented and break payroll on Friday.

Do not cancel anything. Some recurring invoices pay for services you are about to need. The “weird” R280 a month is probably the off-site backup.

Do not delete the old IT person’s account. Disable login if you must. Forward the inbox to yours. You will need to read it.

Do not enable anything on a whim. “While I’m in here, let me turn on conditional access” is how you lock yourself out at four on a Friday.

What you do in the first hour is document. Open a notebook. Who has the keys to what. What is logging in. What is paying. What is failing.

The first week: map the estate

Before you fix anything you need to know what you have.

Every account. Every user, shared mailbox, service principal, “info@” or “admin@” generic. Mark global admins in red.

Every domain. Pull a list from the registrar. Note expiry dates. Move the account onto a corporate email and the company card.

Every password. Stand up a real password manager. Bitwarden, 1Password, Keeper. Pick one. Retire the spreadsheet.

Every recurring invoice. Pull twelve months of statements. Match each IT-shaped line to a service, an account, and an owner. The lines you cannot match are the most interesting ones.

Every device. Walk the office. Photograph the back of the rack. Note which laptops are still active.

Every contract. MSP, ISP, hosting, SaaS. If you cannot find it, ask the vendor for a copy.

Unsexy work. The only foundation that lets the next phase exist.

The first month: identify the dangerous gaps

By the end of week four you should be able to answer, with evidence:

  • MFA. Enforced on every admin and every regular user? Almost always: no.
  • Backup. Restore tested in the last 90 days? Almost always: no.
  • Full-disk encryption. Provable from a console, not “I think so”? Almost always: no.
  • DMARC, SPF, DKIM. Email domain authenticated? Almost always: no, and spoofs are landing.
  • Patching. OS and third-party apps current? Pick five random machines. Check.
  • Documented incident response. If ransomware hit on Saturday night, who is called, in what order? Almost always: nobody knows.

Pick the top three risks. Cost them. Take them to whoever signs cheques. Most are cheaper than a single bad day. Our walkthrough of what a real security audit looks like is a useful crib sheet.

When to ask for help

You are allowed to. You did not sign up for this. An audit is far cheaper than learning these lessons the hard way.

The pattern that works: a fixed-fee review that maps the estate, identifies the top five risks, and gives you a plan for the next 30 days. You then do the work, hand it to a partner, or split it. You stay in control.

Our professional services practice exists for this. We recognise the shape of every “I just inherited this” call before the person finishes describing it.

What you should keep, change, and delete

A simple triage frame.

Keep anything that works, has a current contract, a sane owner, and a real business need. Document it. Move ownership to a corporate identity. Move it to MFA. Move on.

Change anything where the function is right but the configuration is wrong. The MSP global admin becomes a named, MFA-protected, audited identity. The backup gets a schedule, targets, and a test-restore cadence. The Wi-Fi PSK that has been the same since 2019 gets rotated.

Delete anything you cannot find an owner, a contract, or a current business reason for. Old user accounts. Old mail forwarders. Old service principals. Disable first. Delete on a 30-day timer. If a phone rings on day 28, put it back.

The longer cousin on how not to lose the company at provider-handover lives in Succession Planning for SMBs.

It’s not your fault. But it is your problem now.

You did nothing wrong. The previous person left. The handover was inadequate. The organisation had no plan. None of that is on you.

What is on you now is the next bit. Slowly. With a notebook. Without panicking. Without breaking the things that still work. Without trying to be a hero on day three.

You will get there. Plenty of unlucky teachers have become the most competent IT owners their organisations ever had, because they were the first person to write it all down.

Book an “I just inherited this” emergency review. 60 minutes: account mapping, top five risks, recommended plan for your next 30 days. Fixed fee. Get in touch and mention “unlucky teacher”.

More in this series: Rants

  1. You Knew This Vendor Would Hold Your Data Hostage. You Signed Anyway.
  2. The Unlucky Teacher Problem: Inheriting IT You Didn't Ask For (Current)
  3. The IT Person Who Left 18 Months Ago Is Still Costing You Money
  4. QR Codes for Device Enrolment: Yes or No?
  5. Bitdefender Housekeeping We Wish Every Client Did
  6. Google Workspace Pain: What We See in the Wild
// filed under it strategy back to field notes
keep reading

More field notes

all posts →
// it strategy
// it strategy 8 min

You Knew This Vendor Would Hold Your Data Hostage. You Signed Anyway.

May 2026 Read →
// endpoint security 5 min

Bitdefender Housekeeping We Wish Every Client Did

May 2026 Read →
// google workspace 6 min

Google Workspace Pain: What We See in the Wild

May 2026 Read →

Ready to migrate?

Whether you need a full M365 migration plan or a security audit, our team is ready to architect your cloud future.

Email us directly support@osh.co.za