Call (716) 373-4467
02Jun

The Risks Associated with Local Administrative Privileges

What are Local Admin Privileges?

Many companies allow their employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.

Users generally enjoy the freedom that local admin rights provide, especially in a company with limited IT personnel. Instead of waiting for an available IT worker, you can go into your computer and make the adjustments that you desire.

However, providing users with local admin rights will leave holes in your cybersecurity. 

Why You Should Reconsider Local Admin Privileges

1. Prevents Malware from being Downloaded

Restricting users’ ability to install software not only prevents them from installing unnecessary programs onto their computer, but it can also stop an employee from accidentally clicking and installing malware.

Employees come into contact with malicious software more than they realize. This could be through an attachment on a phishing email, a malicious website link, or if they decided to scroll through social media on a company device.

Around 66% of cybercriminals rank email phishing as their attack vector of choice. Unsuspecting employees may be fooled by an illegitimate email without thinking twice. Without local admin privileges, then there is an increased chance the malware will be stopped since the employee doesn’t have the authorization to install software onto their computer.

2. Decreases the Privileges for Potential Hackers

If a hacker were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers. 

Once a hacker has breached your computer they could download malware, spyware, or even ransomware. Resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.

Restricting local admin privilege’s for your employees is a great way to decrease cybersecurity threats from happening in the first place. However, security measures like Password Managers or using MFA can decrease the damage done by a hacker if a computer were to be compromised. 

According to Microsoft, MFA can block over 99.9% of account compromise attacks. This means that even if a hacker knows your credentials, they will not be able to log in because they won’t have access to your MFA code.

If this is something you are interested in setting up for your organization, give us a call at 716-373-4467 or email info@databranch.com. 

3. Minimizes the Risk of Costly Downtime

Receiving malware or having a hacker breach your security system could cause your company to shut down while the issue is being resolved. All the time you could have been spending working on a project, closing a deal, or procuring new clients is now lost. 

This could also result in your businesses reputation taking a hit. Clients will wonder why you’ve had to close for days, weeks, or maybe even months. Plus, you may have to discuss security risks with some clients if their personal information was leaked during the breach.

Interested in calculating what the cost of downtime could be for your business? Click here for Databranch’s Recovery Time Calculator.

4. Prevents Restricted Files and Accounts from Being Edited

Accidentally clicking the wrong button happens to the best of us. You could be reviewing some important client files when your finger slips and presses the delete button by mistake. You may not notice right away and by the time you realize and try to get your information back, it’s too late.

Restricting local admin privileges allows a company to control which files can be modified, deleted, or moved. 

On top of this, restricting users’ ability to modify accounts and files not only prevents employees from making a mistake but also prevents hackers from altering your companies settings as well. A hacker who has breached an account with local admin privileges could secretly make an account for themselves or even disable antivirus software. 

Solutions

Principle of Least Privileges

Adopting the Principals of Least Privilege is a great addition to a companies security portfolio. This is when a business only gives their employees the minimum level of access privileges that are needed to fulfill their job requirements. 

If the employee needs to download additional software or update a program on their computer, they will need to have IT personnel log into their administrative account and make these adjustments for them.

Here at Databranch, we not only believe in the Principle of Least Privileges but we actively practice it. None of our employee login accounts have local administrative privileges. 

MFA and Password Managers

Enabling MFA and utilizing Password Managers is another great way to stay on top of cybersecurity for your business. These applications are easy to use, relatively inexpensive, and extremely beneficial to a company.

Want to talk to an IT Professional about any of the topics covered in this article? You can contact us at today at 716-373-4467 x 15 or info@databranch.com to set up a meeting, or simply fill out the form below and one of our team members will contact you. We would love to talk about your cybersecurity and how we can help you enhance it.

comments powered by Disqus
2FA AI APC backup Breaches business continuity Business Email Compromise BYOD client of the month cloud computing computer services computer support computer upgrade Computer Upgrades Control Chief covid-19 CryptoLocker CryptoWall Cyber Attacks cyber criminal cyberattack cybercrime cybersecurity Cybersecurity Training Dark Web Monitoring Dark web scan Data Breaches data protection Data-Loss Prevention Databranch Databranch Comprehensive Care databranch cto databranch employees Device Security Discounts doug wilson dura-bilt email migration email security End of Support Exchange Online Facebook field technician Hackers Hardware Refresh heat-induced server crash holiday computer tips holiday internet tips How Long Do I have to Upgrade my Windows 7 Computers? i.t. service provider ID Agent Information Technology Internet Security IT Compliance IT Outsourcing IT Security IT Services J.P. Morgan local admin privileges malware managed service managed service provider managed services Microsoft Microsoft End of Support Microsoft Office Microsoft Patching Microsoft Support Microsoft Telephone Scam mike wilson mobile device security Multi-Factor Authentication Network Infrastructure Office 2013 Office 365 old UPS password management Password Manager password security Passwords PC Performance Penn-Troy Manufacturing Personal Data phishing Phishing Attacks Power Failure productivity Professional Tune-Up proper server environment Ransomware remote access repeatbusinesssystems SBS2011 Scammers security security vulnerabilty Server 2008 Server 2008R2 Server Upgrade server virtualization Small Business Small Business Server 2011 smb Smishing SMS intercept Social Media Social Media Security Solid-State Drive stolen credentials Symantec Symantec Backup Exec technology best practices temperature Tips Two-Factor Authentication Upgrading to Windows 10 UPS virus Western New York Windows 10 Windows 7 Windows Server 2003 Windows Server 2012 winrar Work Computers