Hi everyone,

I’m facing a challenging situation at work and could use some advice. I work as an IT support specialist at a family-owned health business, and my boss has repeatedly refused to upgrade an outdated Windows 7 system despite significant security risks and operational issues. The system is no longer supported by Microsoft, is vulnerable to serious exploits, frequently crashes, and has outdated BIOS firmware.

I’ve asked my boss multiple times over the past two months to upgrade the system, but he has consistently refused, insisting that we have enough security measures in place. However, I’m not confident in these security measures, as the system is connected to the internet and it can literally be hacked by an exploit within the operating system (e.g. EternalBlue, BlueKeep), potentially bypassing all of our firewalls.

I’ve prepared a new desktop with Windows 10 as a backup, ready to be deployed if the current system fails. I’ve also laid out a plan that would cause minimal disruption, allowing the employee who uses this system to temporarily use the software on his laptop while we make the switch. Despite this, my boss still refuses and has become visibly frustrated with my repeated requests. I’m worried about getting fired for taking the initiative to address this critical issue. The employee has been asking for a new system for the last 2 months.

The Windows 7 system connects to our main server to access a specific piece of software via the web browser. We host it locally; the software basically tracks all the equipment/infrastructure around the warehouse. It would be a straightforward replacement, but my boss’s resistance and erratic behavior make it difficult to move forward.

I’m considering talking directly to the owners about this issue, as my boss’s refusal puts our operations at risk, but I’m concerned about potential repercussions. I want to ensure I handle this professionally and protect myself from any blame if a security breach occurs.

Most of my requests have been verbal, and an email I sent to my boss about upgrading was never responded to. I’m looking for advice on whether I should discuss this with the owners directly, the potential risks and benefits of taking this step, and how I can best document my efforts to protect myself. I definitely feel like I’m going to be used as a scapegoat. I’m also planning on seeking employment elsewhere after I get my Network+. This is my first IT job; I’ve only been working here 3 months and I already want to leave.

I appreciate any advice or experiences you can share. Thank you!

  • Lettuce eat lettuce@lemmy.ml
    5 months ago

    First few months in IT? Welcome to hell…

    I’m kidding (mostly), I’m in IT also and if you’re in for even a few years, you’ll start to build a collection of horror stories like this one. We’ve all seen things you wouldn’t believe.

    So you need to have full buy-in from the owners. If you’re able to talk directly to them, then it sounds like this isn’t a huge company. If you clearly explain in a professional way to the owners the situation with documentation and they don’t fully support you, leave the company asap.

    As somebody who has been involved in multiple ransomware recoveries, trust me…you don’t ever want to deal with a rogue unsecured machine on the network. And owners that don’t care or take that risk seriously are absolute fools and this will only be the tip of the iceberg of stupidity.

    That computer is a ticking time bomb. Please for the love of God tell me that your boss doesn’t have local admin rights on his system.

    If the only thing your boss uses that system for is to connect to a web app to manage inventory, why is he mad about switching from Windows 7? Does he just like how Windows 7 looks visually?

    I guess it doesn’t really matter. Also, Windows 10 isn’t a long term solution because it also goes EoL next year in October, so you’ll be in this same position in less than 2 years.

    You can either go to Windows 11, or if you wanna be a little wild, install a Linux distro like Mint on there and theme it like Windows 7. You solve the security problem and he gets to pretend he’s still in the early 2010s.

    Honestly though, start looking for another job if the owners don’t support you 100%. IT is already a stressful and intense enough job, you don’t need stubborn idiots like your boss to add flavor.