Top Security Mistakes that IT Admins Make (And How To Avoid Them)

Microsoft MVP Orin Thomas lays out the most common security pitfalls IT administrators face, and how everything from the cloud to company management can make them worse.

It's not just end users who have bad habits. IT administrators have them, too, from poor user account management to juggling one or two passwords for multiple accounts.

Enter Microsoft MVP and veteran server administrator Orin Thomas, who's well-versed in troubleshooting the most common bad habits plaguing IT shops. His upcoming TechMentor 2018 session at Microsoft's Seattle headquarters, "30 Terrible Habits of Server and Cloud Administrators," will take a close look at the biggest mistakes IT administrators make, why they happen and how they can be fixed. Ahead of his session, we asked Orin about the most common security pitfalls for IT administrators.

What would you say is the No. 1 worst habit (with the worst repercussions) of server and cloud administrators?
Not applying software updates. So many security events would not have occurred if systems and applications were simply kept up to date.

How has cloud changed the game as far as what administrators can do wrong?
It's now possible to delete your organization's entire infrastructure because it all exists as ephemera in the cloud. It was pretty difficult to destroy an on-prem server room or datacenter filled with physical hardware, even if you drove a front-end loader through it. Not that any of us wanted to do that. We just thought about it occasionally.  

What are two or three common security mistakes every admin should avoid?
Using the same password for multiple accounts across multiple systems. Configuring account passwords so they don't have to be changed. Avoiding a problem because you worry that attempting to solve it might make things worse.

"Ignored problems don't go away, they just fester quietly until they become bigger problems."

Orin Thomas, Server Administrator and Microsoft MVP

If there was one habit caused by laziness that you could completely banish, what would it be?
Not applying software updates and not documenting things. It shouldn't take the efforts of Sherlock Holmes to determine what something does and why it was configured to do it that way.

How do you even know if you or your team has a problem?
Everyone and every team has bad habits. Rather than pretending we don't, try instead to recognize them and do something about them.

What are the roles a company can play in contributing to an environment where IT has bad habits, and how can managers deal with that?
A lot of problems occur because people aren't given enough resources to do their jobs. If organizations provided enough resources, IT departments could go from being reactive to being proactive.

What else would you like to share with our readers about this topic?
Ignored problems don't go away, they just fester quietly until they become bigger problems.

About the Author

Gladys Rama is the senior site producer for Redmondmag.com, RCPmag.com and MCPmag.com.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.