It’s only bad practice if you don’t keep up on vulnerabilities/patching, don’t have any type of monitoring or ability to detect a potential breach, etc.
The nice thing about tucking everything behind a VPN is you only have one attack surface to really worry about.
Absolutely. I live in Milwaukee where the local archdiocese already did the whole bankruptcy deal years ago. Somehow they got to pay a small pittance to the victims, get out of everything else, and they still own all of their (very lucrative) property. And that’s not just the church buildings, but their giant lakefront campus and no doubt tons of other non-house of worship property.
And that was after all of the documents were released showing the leadership was completely aware of the problem and covering it up just like everywhere else.
It’s a complete sham and abuse of the bankruptcy system.