It just goes to show that the biggest security risk isn't some spotty onanite in a bedroom, its your own staff or recent ex-staff.
This harks back to the Windows Authentication article earlier this year. If Jim could only access the network via his logon it would be a good line of defence.
One of the IT Newspapers over in the UK has a character called BOFH (B***d operator from hell) and his response would be to log all attempts to access the network via an ex-employees logon and forward those logs to the legal department.
It does beg the question, shouldn't all the necessary people have been told of Jim's departure.