Do you know who has system admin access?

by | Dec 13, 2012 | Security

Security_Dec12_AOne common feature found across all operating systems is the ability to have different user accounts on the same computer. These users can be assigned different statuses and some can download programs while others cannot. Most of these systems have an administrator account which gives unrestricted access to the computer. It makes sense that companies limit who has admin rights, however, a recent survey reveals many professionals don’t do this.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don’t know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it’s highly likely that many managers don’t know who has what access rights to computers.

The survey also found that 20% of all respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don’t.

Is this a big deal?
One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won’t spread to other systems in the network without direct transmission. Similarly, if a user can’t install programs because they lack the administration privileges, malware, for the most part, won’t be downloaded and installed.

If a user with full administrative privileges and downloads a piece of malware, chances are high that they won’t even notice it’s been installed and it will be transmitted to other systems with ease. In fact, one of the main ways hackers gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it and then follow the chain up to more vital network systems.

What can we do?
While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don’t need administrative access privileges.

If this sounds like a chore, it’s a good idea to work with a service provider who can help determine not only the type of access employees should have, but also the appropriate security and management that’s needed to ensure a more secure organization. If you’re unsure of who has access to what, please contact us, we may be able to help.

Published with permission from TechAdvisory.org. Source.

Related Posts

What is a Network Security Assessment?

What is a Network Security Assessment?

A network security assessment is a vital process that reveals the secrets of evaluating and strengthening your network defenses. In today's interconnected world, where cyber threats lurk around every corner, understanding the concept and purpose of a network security...

Preventing Phishing Attacks with Managed IT Services

Preventing Phishing Attacks with Managed IT Services

Phishing attacks have risen recently as many businesses store sensitive data online. Studies show that three billion phishing emails get sent daily. One of the best ways of preventing phishing attacks is by investing in managed IT services, and you’ll see how....

Cybersecurity Best Practices of 2022

Cybersecurity Best Practices of 2022

Cybersecurity threats are becoming increasingly popular as businesses digitalize their operations, calling for cybersecurity best practices. According to Identity Theft Resource Center’s data breach report, data breaches increased from 1,108 in 2020 to 1,603 data...

FIND OUT WHAT YOUR BUSINESS SHOULD EXPECT TO PAY
FOR HOUSTON TECH SUPPORT

Give us a call and discover how great local IT services and computer support can be!