Ok so I’ve recently started working for a new client which is a SMB consultantancy and it turns out they have a public folder structure with each of their clients config in, including their usernames and passwords for domain admin accounts.
This is a huge security issue in my opinion but the consensus I get from the other guys who work there is yes we know but management won’t pay for a proper password management tool.
Surely there is some legislation or laws they are breaking doing this?? Anyone got any experience regarding GDPR or similar that can shed any light on this?
I’m not interested to grass them up, more so I educate them and give them actual hard facts as to why this is a major no no
Cheers all
This is a huge security issue in my opinion but the consensus I get from the other guys who work there is yes we know but management won’t pay for a proper password management tool.
Surely there is some legislation or laws they are breaking doing this?? Anyone got any experience regarding GDPR or similar that can shed any light on this?
I’m not interested to grass them up, more so I educate them and give them actual hard facts as to why this is a major no no
Cheers all
Comment