A wide range of security threats to your business could be thwarted by simply disabling administrator rights on staff computers.
If you’re a large organisation then you might be lucky enough to have dedicated IT people to set up new computers and kit out new staff members. If your business doesn’t have this kind of luxury then staff are perhaps handed a new PC and left to fend for themselves. If this sounds like you then you might be setting yourself up for disaster.
When most people set up a new computer, they usually stick with the default user account and then get on with their job. They’ll set a password and perhaps a cute user icon, maybe the kitten or that retro toy robot, but after this they’ll give no more thought to their account settings.
The problem with this is that the default Windows user account has administrator rights, letting you install software, change settings and run things in the background. This might make life easier when you’re setting up a new PC, but it also makes life much easier for malicious software trying to get a foothold on the computer.
Whatever your business does, the majority of your staff don’t need to run with administrator rights all the time. It’s an unnecessary risk, like giving every staff member a set of keys to every door in the building rather than just the areas they need to do their job. Administrator rights are like a full set of keys to a computer.
Instead it’s much safer to create a new user account on staff computers with standard user rights. They can use this account for day to day activities. Most staff probably don’t even need to know the administrator password for their computer, just like most don’t need the keys to the office safe.
This isn’t just unfounded paranoia. Disabling administrator rights would mitigate an amazing 97% of all reported critical security vulnerabilities, according to an analysis of Microsoft Patch Tuesday bulletins by UK-based security firm Avecto. You could argue that disabling administrator rights is just as important as installing antivirus, but it’s a simple step that many people overlook.
Running all your computers with full administrator rights is a major security risk which can easily be avoided. Taking those rights away from staff who don’t need them is a smart move which makes it harder for malicious software to get a foothold in your business.
David Hancock is the founder and managing director of Geeks2U, a national on-site computer repair and support company.