It's really frustrating when you have a client that uses archaic software that affects the security of their server and yet they refuse to move away from it, despite reasonable explanations of why running something like Outlook 10 is a problem.


Discussion

The little goblin part of my brain wants to do something minorly malicious to prove my point, but that would be rude on my end.

That's called a White Hat Wake-up. You can do it tactfully.

Not really. Yes, they pay me for security and server hosting, but without explicit pentesting permission I could get sued for something like that.

Yes you can. It's called a "real time demo". Make a fake employee to be the target, make fake documents that indicate typical data they would store (customer records, balance sheet, HR records, or whatever would be typical for their dept/industry), then hold a meeting where you demonstrate a compromise.

The resulting information should be 100% financial, showing how much they can lose, and how much they can spend to prevent the loss.

Hack them, take them hostage, and they'll be worth your time again. 😉