I’m working at this health company; it’s my first IT job, and I’ve been here a little more than half a year so far. I do appreciate the opportunity I was given, but man, this place is kind of a wreck. The boss didn’t want to upgrade the Windows 7 computer that’s sitting on the network and utterly refused to do so. Even with everything that was shown that it could be upgraded, he was pissed, and it took six months to finally upgrade it to Windows 11 with the necessary software we have.
Another crucial issue is that literally the people who work on the floor have FULL ADMINISTRATOR ACCESS to install any programs they want. I brought this up to him, and he said, “We have bigger battles to fight.” The computers are literally just “Password” or the start date of the employees. So literally all someone has to do is ask when they started working here, and boom—they have access to their account. We also had local accounts sitting on every computer. He does not want to change any of this.
I am capable of switching jobs. I have talked one-on-one with big figures in the field like Richard Stallman before. I do testing and help port hardware for coreboot/Libreboot. I am also looking into getting my Linux+ (currently only have my A+). What should I do?
(My boss and I are the only two IT people)
the last time i was in a position like yours i almost learned the hard way to make documentation to protect yourself.
the next time you and your boss have a conversation on security things like that windows 7 computer; tell him that you’re going to send an email at the end of the conversation restating what he told you to do; then send that email; and then use your smartphone to take a picture of the email. (time stamps are important so make sure that the phone’s picture metadata is enabled and they’re usually on by default or make sure that the picture includes something with the date & time on it like a calendar on your computer).
do this for anything security related like passwords or administrator access. if you have a good boss, they’ll realize that you feel like you need to protect yourself and they’ll start making changes.
Oh, I’ve already been doing this putting “Read Receipt” on emails and also checking confirmation of delivery. I forward any critical emails to my personal email just in case he deletes it. He would definitely throw me under the bus if he wanted to. Thank you for the advice though!