Hey everyone, I just started my new job and I've noticed a concerning situation with our workplace PCs. They haven't been updated in over two years and are running an end-of-life version of Windows. On top of that, we don't even have a proper Privileged Identity Management (PIM) solution, there are multiple Global Admin accounts, and domain admin credentials are being used on all PCs. Considering we have fewer than 100 employees, how big of a security risk do you think this is? I'm worried about potential vulnerabilities and data threats, especially as it's my first week here and I'm already spotting these issues.
7 Answers
Honestly, dive into those security practices and see what's configured on both local machines and servers. Start proposing to group users and limit GA access, then patch those machines thoroughly. It’s going to require some effort, but you’ve got to get moving on this!
Honestly, I've seen a lot of situations like this. It’s definitely a ticking time bomb! But unless you have solid backing from management to improve security, you might find yourself labeled as a troublemaker. Just tread carefully—sometimes it's about picking your battles.
Keep an eye on the backup status, too. If nothing is backed up properly, then things could spiral out of control if a ransomware attack hits. Investigate what's running on those accounts—reducing access rights can be a solid first step.
This sounds like a big red flag! Just one person clicking on the wrong link with domain admin rights could jeopardize all the company data. My advice? Try to gauge the culture first before raising major concerns. Maybe compile your observations into a report and share it with your supervisor. It’ll show you’re proactive without putting yourself in the line of fire right away.
Any tips on how I might test the waters without stepping on too many toes? The IT director is also responsible for finance, so it feels tricky to bring this up.
You could ask about the update status in a casual way, like 'Is there a reason we haven’t updated these systems?' That might open the door to a discussion.
What does your IT team usually handle? Two years without updates? That’s alarming! It’s like they’re saying that as long as things are running smoothly, everything is fine—which is not the best approach.
Exactly! It seems like the culture is 'no news is good news' as long as the systems don’t crash.
This is just a disaster waiting to unfold. Regarding the admin usage, do normal users have domain admin rights or is it just the admins? Either way, that’s a big risk. You should be raising concerns about phishing threats too.
Regular users don’t have DA rights, but IT uses them for tasks that require elevated permissions. It feels wrong to me.
You might find it hard to change things in a place like this. Yes, it's definitely a security risk, especially given that you’re in finance. But I'm betting that you’re already aware of the issues since you've spotted multiple red flags already! I really hope you can help improve the security measures there!
I am keen on making improvements! Figuring out new solutions has been somewhat fun, despite the situations.

That’s exactly my concern! Being new, I don’t want to rock the boat. But I also know these practices are really unsafe.
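
A read-only inventory that gathers evidence for the points raised in this thread (who holds Domain Admin, which PCs report an old OS build, when each was last patched), as an added example that is not part of any poster's reply. It assumes the RSAT ActiveDirectory module, an account with read access to AD, and remote CIM/WMI access to the PCs; the 30-day window and the output file names are illustrative choices, and cloud Global Admin roles are not covered.

```powershell
#Requires -Modules ActiveDirectory
# Read-only audit: nothing is changed in AD or on the endpoints.
# Assumptions (not from the thread): RSAT ActiveDirectory module installed,
# remote CIM/WMI access to the PCs, CSV output in the current directory.

$staleDays = 30   # illustrative: only query computers seen by AD in this window

# 1. Every user that ends up in Domain Admins, including via nested groups.
$domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet

# 2. Enabled computer accounts that have logged on recently.
$cutoff = (Get-Date).AddDays(-$staleDays)
$computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate |
    Where-Object { $_.LastLogonDate -gt $cutoff }

# 3. Per machine: OS build and the date of the most recent installed hotfix.
$patchReport = foreach ($pc in $computers) {
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $pc.DNSHostName -ErrorAction Stop
        $lastFix = Get-HotFix -ComputerName $pc.DNSHostName -ErrorAction Stop |
            Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer = $pc.Name; OS = $os.Caption; Build = $os.BuildNumber
            LastHotFix = $lastFix.HotFixID; LastPatched = $lastFix.InstalledOn
            LastBoot = $os.LastBootUpTime; Status = 'OK'
        }
    } catch {
        # Unreachable machines stay in the report, with what AD knows about them.
        [pscustomobject]@{
            Computer = $pc.Name; OS = $pc.OperatingSystem; Build = $pc.OperatingSystemVersion
            LastHotFix = $null; LastPatched = $null
            LastBoot = $null; Status = "Unreachable: $($_.Exception.Message)"
        }
    }
}

# Oldest-patched machines sort to the top of the report.
$domainAdmins | Export-Csv -Path .\domain-admins.csv -NoTypeInformation
$patchReport | Sort-Object LastPatched | Export-Csv -Path .\patch-status.csv -NoTypeInformation
```

The two CSV files give concrete numbers (count of Domain Admin accounts, oldest patch date per PC) for the kind of report suggested in the thread.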