this post was submitted on 07 Jun 2024
200 points (96.7% liked)

Asklemmy

43901 readers
1960 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
200
deleted (sh.itjust.works)
submitted 5 months ago* (last edited 5 months ago) by gnutard@sh.itjust.works to c/asklemmy@lemmy.ml
 

deleted

you are viewing a single comment's thread
view the rest of the comments
[โ€“] NaibofTabr@infosec.pub 34 points 5 months ago* (last edited 5 months ago)

A couple additional thoughts:

  • You sent your boss an email using your company email server. You do not control this server. You cannot rely on this email as a paper trail, any email you send could be deleted by someone else with administrative access. In Outlook it's possible to delete any email that was sent internally and the logs that it was sent.

  • You should write down the date(s) and time(s) that you sent emails about this to your boss, on paper. Keep it with your other work notes.

  • You should not include any specific technical information about your company's systems in this paper record as this might expose you to liability in the future. Just record when you sent the emails and a general description of the subject (e.g. "email to boss about upgrading out-of-date operating system"), and a short description of any response (verbal or written).

  • You have offered to upgrade this system. Your boss said no. It's not your responsibility anymore.

  • If I were in your position I would tell my boss explicitly that I won't be responsible for the security of this system or anything connected to it, at least not without a signed risk acceptance statement. You might not feel comfortable doing that, it is potentially confrontational.

  • If you've been told that you're responsible for this system (your employment is dependent on it) in spite of your objections, please take a look at this article about security hardening for Windows 7 and try to implement as much as you can. If you're not responsible for it, don't mess with it.