When setting up any type of PC operating system or software access there is always a balance between security and ease of use. Unfortunately, ease of use often wins out, leaving systems vulnerable and easily infected by a virus or malware.
One of the biggest examples of this is running a computer with local administrator rights. It makes it easy to install software, add or remove printers, and change other settings, like power use.
But with that flexibility for the user, which might save a few minutes when it comes to installing new software, comes a huge risk when it comes to your network security and potential liability for a data breach.
Data breach notification can cost a business up to $740,000.
When you add up the costs of a data breach, the few minutes of inconvenience to a user having to go through security protocols to install a new printer doesn’t seem that bad.
Data breach costs to a business include:
- Immediate cost of downtime
- Costs for urgent repair of breach
- Breach notification costs
- Potential data privacy regulatory fines
- Cost of lost customer trust and business
What’s so risky about running a computer under local administrative rights? Lots!
The Perils of Running a Computer Under Local Admin Rights
Whenever you or one of your employees login to their computer, you’re on a particular user account and that account has specific privileges. If a user login has local admin rights, that means they can do just about anything.
Local admin rights on a PC grant permission for things like:
- Creating or deleting user accounts
- Changing passwords for any user accounts
- Installing programs
- Adding hardware connections
- Changing network settings
- Modifying system files and settings
Sounds great if you’re the legitimate user, right? It means you aren’t going to get locked out by a pesky permissions warning if you need to install the newest team chat software your company is using.
But imagine that a hacker gains access to your computer and now, because your login has admin rights, they have all those same privileges. It means they can pretty much take over your entire computer and gain access to other devices connected to the same network.
Here are the top four dangers of allowing your main PC user account to have administrative rights.
Higher Risk of Virus/Malware Infections
The main way that viruses and other types of malware infect a computer and network is by the user accidentally installing it. This can be from a malicious website link or email attachment sent through a phishing email, which are incredibly common.
On average, each employee receives 4.8 phishing emails every week and about 30% of those emails make it past default security measures. That’s why these types of attacks have only increased over the years and why they’re the main cause of data breaches around the world.
If the login that is being used doesn’t have administrative privileges, then many types of malware (though not 100%) can be stopped simply because the user doesn’t have the ability to install software on the system. This includes ransomware, spyware, trojans, and more.
Computers Becoming Critically “Messed Up”
While “messed up” isn’t quite a technical term, it’s instantly recognizable as the result from a user that doesn’t quite know what they are doing accidentally changing critical system settings that break something.
There are certain file and system settings you don’t want everyone to have access to on their PC because changing them can cause a computer to stop working properly or may end up creating problems that take hours to untangle and repair.
Allowing Hackers to Create New User Accounts
Administrative privileges give a hacker the “keys to the kingdom” on your PC, which means they can do things like create new user accounts and grant full access to those users that won’t be impacted if you change your login password.
They also have the ability to change the ownership of sensitive documents or folders and can even restrict your access. Once they’ve created a user account of their own with admin rights, they don’t need yours any longer and can lock you out of certain files, folders, and settings.
Attacking Other Devices on Your Network
Do you think a virus would just be contained to your PC because you don’t have the login for other devices on your network? Think again. Hackers have ways to getting past that once they gain administrative rights on your system.
They can lay traps for other users that may have higher privileges than you through the access to the network they gain by hacking your PC. One example of this is installing a fake certificate of authority on a system so a user believes they are vising a trusted site when it’s really one that’s downloading a virus. This puts an entire company network at risk.
How Can I Run My PC Without Admin Rights?
Without local admin rights, you’re probably wondering, “Well, then how do I run my computer and install software when I need to?”. You can still have a user account that has admin privileges for making the needed changes, just not the one you use every day.
For the best network security, there are endpoint privilege management tools that eliminate unnecessary privileges and elevate rights to a more secure environment without hindering productivity.
Get Help with Computer Privilege Management
Are your company’s PCs running with users having admin rights? Let us help you with a security plan that won’t slow down your team but will greatly reduce your chance of being breached.
Contact Connect2Geek today for a free IT security consultation at 208-468-4323 or through our contact form.