this post was submitted on 22 Jan 2024
This is an automated archive.

The original was posted on /r/sysadmin by /u/DryOrganization1301 on 2024-01-22 09:54:38+00:00.


Background: I'm a relatively new jr sysadmin, but was desktop support for 5 years prior. Current org is smallish (<200 users) and local government.

At my current role, there are some IT practices that I can't help but think make our org vulnerable to attack.

This includes:

  1. Unencrypted hard drives (we have BitLocker available to us already)
  2. Everyone's an admin on their own computers
  3. No MDM for our mobile devices

I've brought these up to my IT director (small org, so I report straight to him) and I've pretty much been brushed to the side for all of them.

A lot of his reasoning is along the lines of "we've been fine so far" and that it's more convenient. He seems content with keeping things as they are for the most part. He's the old stubborn sort.

In the back of my mind, all of this is a ticking time bomb for a major security incident.

Am I crazy?

Edit 1: Advice is also appreciated.
