Programming a solution to a solved problem is overkill.
In this case I believe it's very appropriate. They have a static arrangement, (vendor wants in, someone turns access on, manually) and when they're done, someone's supposed to shut it off. This process has demonstrated a history of being unreliable. So the solution comes down to one of three things. (1) replace or retrain whoever is in charge of the process in the hopes of improving reliability, (2) automate the process that is not being done reliably, or (3) redesign the process so it's more reliable by default.
(1) is often either futile or short-term. Any number of things can go wrong here, immediately, soon, or long down the road. People get replaced, are out sick for a few days, forget, make mistakes, whatever. (3) is usually unnecessarily expensive, or at least difficult and time-consuming.
It's been my experience that (2) is almost always the best solution. I'm a big fan of automation, and "pick the right tool for the job". (where "tool" refers to either evolved monkeys or computer programming) Computers are almost always more reliable than people, never rely on a person to do a job that a computer can do more reliably. Given the OP's description of the problem, a few minutes of bash or crontab to automate the disabling of the remote access is almost certainly the best answer. I do this sort of thing where I work all the time. I get tired of fixing the same problems over and over that people just can't seem to do reliably. I automate it, and the problem disappears, forever. The initial investment of time always pays for itself. Sometimes in a few days, sometimes in a few weeks. Sometimes once or twice over, sometimes a thousandfold.
Sidenote: whenever something around here breaks, I ask myself a lot of questions. Is there a fair chance it will happen again? Could full automation or manually-initiated scripting have prevented it? Should the system have provided better logging before or during the event? Could the system have predicted the failure ahead of time and given us early warning? Could the system have identified and alerted us of the problem after it occurred, before we (or the client...) discovered it ourselves? Could the system have initiated automated damage control when the failure occurred? This is all a part of automation.