Top Security Mistakes that IT Admins Make (And How To Avoid Them)

Microsoft MVP Orin Thomas lays out the most common security pitfalls IT administrators face, and how everything from the cloud to company management can make them worse.

It's not just end users who have bad habits. IT administrators have them, too, from poor user account management to juggling one or two passwords for multiple accounts.

Enter Microsoft MVP and veteran server administrator Orin Thomas, who's well-versed in troubleshooting the most common bad habits plaguing IT shops. His upcoming TechMentor 2018 session at Microsoft's Seattle headquarters, "30 Terrible Habits of Server and Cloud Administrators," will take a close look at the biggest mistakes IT administrators make, why they happen and how they can be fixed. Ahead of his session, we asked Orin about the most common security pitfalls for IT administrators.

What would you say is the No. 1 worst habit (with the worst repercussions) of server and cloud administrators?
Not applying software updates. So many security events would not have occurred if systems and applications were simply kept up to date.

How has cloud changed the game as far as what administrators can do wrong?
It's now possible to delete your organization's entire infrastructure because it all exists as ephemera in the cloud. It was pretty difficult to destroy an on-prem server room or datacenter filled with physical hardware, even if you drove a front-end loader through it. Not that any of us wanted to do that. We just thought about it occasionally.  

What are two or three common security mistakes every admin should avoid?
Using the same password for multiple accounts across multiple systems. Configuring account passwords so they don't have to be changed. Avoiding a problem because you worry that attempting to solve it might make things worse.

"Ignored problems don't go away, they just fester quietly until they become bigger problems."

Orin Thomas, Server Administrator and Microsoft MVP

If there was one habit caused by laziness that you could completely banish, what would it be?
Not applying software updates and not documenting things. It shouldn't take the efforts of Sherlock Holmes to determine what something does and why it was configured to do it that way.

How do you even know if you or your team has a problem?
Everyone and every team has bad habits. Rather than pretending we don't, try instead to recognize them and do something about them.

What are the roles a company can play in contributing to an environment where IT has bad habits, and how can managers deal with that?
A lot of problems occur because people aren't given enough resources to do their jobs. If organizations provided enough resources, IT departments could go from being reactive to being proactive.

What else would you like to share with our readers about this topic?
Ignored problems don't go away, they just fester quietly until they become bigger problems.

About the Author

Gladys Rama is the senior site producer for Redmondmag.com, RCPmag.com and MCPmag.com.


  • Office 365 Attack Simulator Now Supports Attachments

    The Attack Simulator in Office 365 tool has been updated and now has the ability to include message attachments in targeted campaigns, according to a Friday Microsoft announcement.

  • How To Disable Touch Input in Windows 10

    When the touchscreen on your Windows 10 laptop goes bad, there's no reason to throw that baby out with the bath water.

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.