Excellent advice:
“Find a new IT guy. And lock down your desktops. They are company property. Set up a good proxy and block known malware sites and vector sites. If it’s not needed for business purposes, block it!”
We have two younger relatives. One is a vp for a major size company, who had a terrible terrible info system, and the other knows what to do with corrupted it systems and what do afterwards. They are first cousins and probably get along better than brothers.
The advice, of the expert was to remove their IT with zero warning, have an outside audit, replace the IT guy with a team that would stay until the problems. That team would interview candidates for the IT replacement
Their plan was put into action. The IT was given a Kinko’s box with his personal gear at the gate and nice severance check and sent away. They found a lot of bad stuff on the system. Now, the computers and servers can only be used for business not personal use of any type. There is some control with company smart phones.
Now their info systems work for them not to keep a worthless IT employed, who said no instead of helping.
Their new/current IT sits in at meetings to help or to what he can do to help. He is available to help not impede.
A couple of decades ago, our CEO decided to fire the IT guy and replace him with a dude with a much better attitude.
He discussed all pros and cons with other executives and HR - over the corporate Exchange server.
The administrator was not pleased as he read everyone’s email. Suddenly the CEO was signed up for websites with the company Amex, that I just don't think are legal, and certainly not moral. Lists of commonly used passwords in our company suddenly appeared on a Brazilian sever, and the main back up server was used to pirate movies. We even contracted with Cisco to get the guys out of the servers and they just kept coming back.
So Dave, I heartily second your advice. If ever replacing IT, discuss it at Del Friscos and be decisive.