I work part-time as a network admin for a medium-sized company (around 120 employees). We service kids with autism, so patient confidentiality is critical. We have to maintain HIPAA compliance.
Some of our staff periodically have to take a test to become certified in their field, and the tests are proctored by Pearson VUE. Unfortunately, the testing software doesn’t play well with our company firewall and requires local admin privileges. The only way I’ve been able to get people testing successfully onsite is by completely bypassing our firewall for a specific network drop and turning off Windows Firewall and Defender, while the PC is logged in as a local admin.
Obviously I’ve communicated to my boss that this is a network security risk. Her argument is that the PC is only on for testing 2x a week for 45 minutes.
Does anyone have some resources that would be helpful in explaining how risky this is? Is it just a matter of time before that laptop is scanned, connected to, and a giant pile of malware is dumped on it?