A significant security risk to your organisation

We frequently have security conversations with clients about user permissions, and how they need to be carefully controlled. Many organisations understand the need to provide staff with the correct permissions to access data, but do not realise the implication of local admin rights.

What are local admin rights?

Local admin rights allow users to make changes to their computer. This includes (but is not limited to) installing software, changing system settings, managing user accounts on the device and even accessing other people’s data that may be stored on the device.

What are the risks?

Unauthorised access: having local admin rights can lead to exposure of confidential or business-critical information as the account will have FULL access to every user’s data on the device

Malware infections: local admin rights allow users to install any software without restrictions, including inadvertently installing malware or viruses disguised to look like genuine applications

Security breaches: bad actors can easily exploit the power of local admin rights to disable antivirus, install malicious software, change system settings, create new users or move laterally across your internal network

Ransomware: attackers can encrypt data using ransomware tools, making your data inaccessible

What are the options?

No user should be a local admin. Full stop. More advanced users such as database administrators or IT help desk staff require additional permissions or higher level access, however that doesn’t mean privileged users must be local admins.

Even a well-meaning, conscientious member of staff with local admin rights presents a risk to your organisation, and potentially is putting your data, systems and reputation at risk.

At System 15 we strongly encourage a philosophy of Zero Trust, which is a security model framework that assumes threats can come from both inside and outside your network. Enforcing least privilege and removing local admin rights makes it much harder for attackers to compromise your network.

Get in touch with one of our security team if you would like to learn more about methods to protect your organisation.