Administrative access in an organization is something of a bittersweet privilege. Although it drastically improves ease of use for employees, it creates a risk of large-scale security breaches.
A survey carried out by Varonis found that, on average, 17 percent of sensitive files in an organization are accessible to every staff member. Compared to regular users, a local admin has tremendous influence over corporate networks. It is important to determine whether your regular staff members need local admin rights to perform their daily tasks.
Consider this perspective: 1 in 99 emails is a phishing attack attempt. Most employees are unaware of which emails are dangerous. If your organization has devices with local admin access, this could turn into a prolonged problem over which you have no direct control.
In this article, we’ll talk about what it means to be a local admin, as well as some of the potential dangers of being a local admin and a few steps you can take to mitigate those risks.
What is a local admin?
A local admin is a user with permission to manage a single device on a specific network. Some of the actions available to a local admin include:
- Modifying system files, settings, and preferences
- Creating or deleting other users
- Changing passwords for other user accounts
- Installing programs and applications
- Amending network settings
Local admin rights can be beneficial. A local admin can add new applications, log in to sensitive files and accounts without an admin key request, and alter user permissions on the server—all tasks that can be accomplished more quickly with local admin rights. However, these rights should be granted with caution.
Dangers of being a local admin on your PC
As an IT manager, granting local admin rights to your staff opens many doors for threat actors.
Heightened risk of malware infections. With no administrative restrictions, users can download files freely from sources like spoof websites and phishing emails. Threat actors can easily use these tactics to take advantage of users in your organization. If these users don’t have a minimum standard of security knowledge, or if they have not been given the relevant cybersecurity training by their IT department, they can run into malware-related problems without ever knowing how or why.
Employees receive an average of 4.8 phishing emails per week. Simply downloading a file or visiting a phishing link from these emails can leave your organization vulnerable to a large-scale data breach. When a user has local admin rights enabled, it makes it far easier for threat actors to reach other areas of an organization.
Critical network operations can be disabled or rendered unusable. Granting local admin capabilities to staff puts your operational setup and the settings associated with it at risk. By granting local admin rights, you enable staff to alter settings and permissions across other devices on your network.
Because many employees will not know exactly which settings they are changing, local admin rights should be minimized. Employees may allow access to a resource for personal use, but this may snowball into disabling access for many other business-critical resources. This can affect file ownership, software updates, security patches, and even critical operations like cloud storage and email.
Threat actors can gain full access to your organization’s operations. Threat actors can recognize when a user has administrative access and use this information to their advantage. They can take advantage of local admin PCs to create a duplicate of the same privileges by creating a new user on their home device—via VPN, for example.
New local admin devices created by threat actors are a dangerous and persistent threat. They can wreak havoc by disabling account operations and restricting file access to other users.
While local admin permissions can be beneficial, they have drawbacks and can create critical security vulnerabilities. An organization must manage this access strategically.
Three ways to manage local admin rights
Whether it is from a business or personal standpoint, local admin rights can heighten the threat of attacks like malware, phishing, and insider threats. As an organization, your corporate data and user protection come first, and ease of use comes second.
Here are 3 ways to manage the risk associated with local admin access on PC devices:
- Remove local admin rights from users who don’t actively need to download files. This step reduces the prevalence of shadow IT in your organization. You want to know where download requests are coming from and why they are popping up. If you are not getting this data collated, you run the risk of a malware attack.
- Invest in cybersecurity tools such as threat intelligence and antivirus software. These tools allow your IT department to actively monitor threats before they are leveraged into an organization-wide problem.
- Implement a privilege management tool. With a privilege management tool, staff members can be issued certain system privileges without granting them full access to configuration tools that could change the layout of your network and the data associated with it.
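Before removing rights, it helps to know who actually holds them on each PC. The following is an added example, not part of the original article: a PowerShell audit that lists members of the local Administrators group that are not on an approved list. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the `CONTOSO` names and the CSV file name are placeholders.

```powershell
# Added example: audit the local Administrators group against an allowlist.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts), run elevated.

# Placeholder allowlist: accounts your IT department has approved as local admins.
$Approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local account
    'CONTOSO\Domain Admins',             # placeholder domain group
    'CONTOSO\Workstation-Admins'         # placeholder delegated support group
)

function Get-UnapprovedLocalAdmin {
    param([string[]]$Allowlist)

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using the
    # SID avoids depending on the localized group name.
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Where-Object { $Allowlist -notcontains $_.Name } |   # case-insensitive match
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource,
                      @{ n = 'Sid'; e = { $_.SID.Value } }
}

try {
    $findings = @(Get-UnapprovedLocalAdmin -Allowlist $Approved)
} catch {
    # If enumeration fails (for example, a member cannot be resolved), stop
    # here rather than report a clean result.
    Write-Error "Could not enumerate local Administrators: $_"
    return
}

if ($findings.Count -eq 0) {
    Write-Output 'No unapproved members in the local Administrators group.'
} else {
    $findings | Format-Table -AutoSize
    # Keep a record so IT can review each account before changing anything.
    $findings | Export-Csv -Path ".\local-admin-audit-$env:COMPUTERNAME.csv" -NoTypeInformation

    # Removal is left commented out and uses -WhatIf, so nothing changes until
    # the list has been reviewed and -WhatIf is deliberately dropped.
    # $findings | ForEach-Object {
    #     Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member $_.Sid -WhatIf
    # }
}
```

Running this on a schedule across managed PCs and comparing the CSV output over time also surfaces newly added admin accounts, such as the attacker-created ones described earlier.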
In addition to following best practices for managing local admin rights as an organization, consider consulting a managed service provider, if you don’t already partner with one. A high-quality managed service provider can be a great strategic resource when it comes to implementing security measures into a comprehensive IT support plan.
Many people have admin rights but are unaware of the consequences if an attack or change were to occur on the network or device. Local admin access can be a great addition to any device, as long as the end user acts responsibly.