Small companies has limited resources and sometimes the tech has limited time to migrate systems from one server to another one, they just do the minimum to transfer the data and the application and when the application is working fine on the new server, they finish their work.
Why would you be afraid of this situation, I would be in a panic mode!!!!, there is one step that is always missing and it is the decommission and retired the old server, the old server normally is left connected on the network without patching and an old application, and stay there for years without nobody attending it. This server is completely vulnerable on the application and the OS itself, it can be compromised and uses to lunch another attacks or escalate on the network.
Retired a server after migrating the data or application require only a couple of hours, please make sure your tech remove it from the network if you are planning to or remove the old application and set the best security practice.
Security require some basic steps, one of those is not to leave any old server around, ask your tech to remove it from the network.
If you need to secure your small business please give us a call, please check: www.thehost1.com