A common expectation of the younger generation entering the workforce is that the technology they use is unrestricted. They want to be able to access social networks and YouTube, and to personalize their systems by downloading favorite apps, backgrounds, etc. Many companies have obliged and give all users administrative access to their computers. However, a recent survey has highlighted that this could create real problems.
According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don’t know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it’s highly likely that many business managers don’t know who has what level of access rights to which computers.
The survey also found that 20% of respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don’t.
Is this a big deal?
One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won’t spread to other systems in the network without direct transmission. Similarly, if a user can’t install programs because they lack the administration privileges, malware, for the most part, won’t be downloaded and installed.
If a user with full administrative privileges downloads and installs a piece of malware, it can be very easily transmitted to other systems on the netork. In fact, one of the main tactics hackers use to gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it, and then follow the chain up to more vital network systems.
What can we do?
While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that all users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don’t need administrative access privileges.
If this sounds like a chore, we suggest you work with a service provider like Providence who can help determine not only the type of access each employee should have, but also determine the appropriate level of security and management that is needed to ensure a more secure organization. If you’re unsure of who has access to what, please contact us, we are here to help.
