In this blog post, learn why granting local admin privileges is no longer justifiable, and how doing so can create vulnerabilities that cybercriminals can exploit.
Key Points in This Article
These days, organizational cybersecurity should be top-of-mind for any cybersecurity professional. Whether cybersecurity is in your title or you’re a generalist handling everything from network maintenance to changing printer ink cartridges, it’s always critical that you keep an eye out for how your organization’s operations may inadvertently be creating vulnerabilities third parties can exploit.
When cybersecurity professionals conduct risk assessments, they often find vulnerabilities stemming from organizational practices that are pretty common across industries. One such practice is granting local administrative rights to individual users, most often in small businesses, organizations, and those with understaffed IT departments.
If you’ve worked for an understaffed IT department, you’ve likely spent much of your day handling mundane helpdesk requests. None of them take that much time, but there are a lot of them, and they don’t stop. You cannot devote adequate – sometimes any – time to the IT aspects of the organization’s revenue-driving activities or essential network maintenance and security because there are so many requests.
In this scenario, perhaps you, like many IT administrators, realized many of these requests could be handled by individual users simply by giving them administrative privileges. You may have saved some time on routine tasks, like adding applications, users, and hardware. And you may have found yourself breathing a sigh of relief given that you’ve now reduced the number of requests across your desk.
But doing so is a mistake. When you provide local admin rights to users across your organization, you’ve inadvertently made it more vulnerable to intrusion. And the extra work you’ll perform to address a data breach, compared to the few minutes you may save installing a printer here or there, is certainly not worth it.
Users frequently try to install software programs they find online. When they do and lack local admin privileges, they’re prompted to ask permission to download the software in question. This prompt allows IT administrators to vet the software and ensure it does not present a threat. But when users have local admin privileges, they have the freedom to download applications as they see fit. And they may even disable network security measures that vet new applications for the presence of malware and viruses to expedite installation.
In doing so, they’ve exposed your organization’s network to risk. Malware and viruses lurk in seemingly harmless downloads found on official-looking websites. Not only can they compromise the user’s account and device; if downloaded on an account with local admin privileges, they can compromise your entire network’s security. Malware on such an account could disable your organization’s antivirus protections, turn off your firewall, and hijack your data on multiple devices.
Local admin privileges allow users to override the Group Policy you’ve established. If a hacker gains control of an account with these privileges, they could prevent your Group Policy from being accessed or create their own. In either case, your security protocols would be compromised, giving a criminal the ability to access and steal your data, encrypt your system and hold it for ransom, and conduct other activities that could be financially catastrophic for your company.
Many cybercriminals specifically seek administrative credentials to penetrate corporate networks. Fundamentally, the smaller the number of accounts with administrative credentials, the less risk one of these accounts will be compromised. In practice, users who have been granted these credentials outside of the IT department, by and large, have had minimal, if any, cybersecurity awareness training or have not followed best practices to safeguard their accounts. Accordingly, cybercriminals have found their way into these accounts easily and have been able to cause considerable damage.
Even if your IT department remains small and understaffed, granting users across your organization local admin privileges is no longer justifiable. Any time you save will be more than offset by the damage that can be caused in the event of a breach.
As an IT professional, you will face countless hours over the following days, weeks, and months scrambling to address the threat, regain control of compromised systems, and ensure your employer can remain operational. Your business might face reputational damage and legal consequences if client data is compromised. And depending on your industry, you may face regulatory action if the breach occurred because you failed to meet legally mandated cybersecurity standards.
The cumulative financial consequences of a breach can be catastrophic. Some research asserts that as many as 75 percent of small and medium-sized businesses go under after a ransomware attack. And no industry or sector of the economy is safe. In May 2022, Lincoln University permanently closed its doors after a devastating ransomware attack.
Even if you don’t suffer a breach in the near term, granting users local admin privileges can create more work and headaches for IT. You may find that departments are now downloading and using software applications you’re not equipped to support. Or you may find that in attempting to manage relatively simple tasks themselves, they’ve inadvertently created more complicated problems for themselves – and other users. You may not be saving yourself nearly as much time as you think.
It’s also not uncommon for senior leaders to believe that they should be granted local admin privileges by virtue of their position. And when they have them, they may accidentally cause problems for themselves or other users that you must address. Or you may find them using their privileges to undermine organizational cybersecurity measures out of a misguided attempt to increase productivity or out of hubris.
The cybersecurity of your organization must supersede all of these considerations. To preserve it, you must tightly restrict administrative privileges across your organization and actively monitor the accounts that possess them. Moreover, you must educate all users about cybersecurity continuously and thoroughly. Doing so will help you keep your organization safe and help them understand their loss of these privileges is not about a lack of trust. In fact, when your co-workers make the connection between the proliferation of accounts with local admin privileges, data breaches, and their own jobs, they’re likely to accept the removal of these privileges without protest.
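One practical way to "actively monitor the accounts that possess" local admin rights is a recurring audit of the local Administrators group against an approved list. The script below is an added example, not code from the original post; the approved principals (the `CORP\...` groups) are constructed placeholders, and it assumes it runs on a Windows host with the built-in `Microsoft.PowerShell.LocalAccounts` module available.

```powershell
# Added example (not from the original post): list every member of the local
# Administrators group that is not on an approved list, so drift can be
# reviewed and removed. Assumptions: run with rights to query the local group;
# the approved list below is a constructed placeholder for your own tiering model.

$Approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin (ideally disabled/LAPS-managed)
    'CORP\Domain Admins',                # placeholder: domain-level admin group
    'CORP\Workstation-Admins'            # placeholder: tiered helpdesk/admin group
)

function Get-UnapprovedLocalAdmins {
    param(
        [string[]]$ApprovedPrincipals = $Approved
    )
    # Get-LocalGroupMember returns users and groups, both local and domain-joined.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    foreach ($m in $members) {
        if ($ApprovedPrincipals -notcontains $m.Name) {
            [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                Principal       = $m.Name
                ObjectClass     = $m.ObjectClass      # User or Group
                PrincipalSource = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, ...
                Checked         = (Get-Date).ToString('s')
            }
        }
    }
}

# Report findings where a ticketing or SIEM pipeline can pick them up.
$findings = Get-UnapprovedLocalAdmins
if ($findings) {
    $findings | Format-Table -AutoSize
    $findings | Export-Csv -Path "$env:TEMP\local-admin-audit.csv" -NoTypeInformation
    # After review, unapproved principals can be removed with, for example:
    #   Remove-LocalGroupMember -Group 'Administrators' -Member $findings[0].Principal
} else {
    Write-Output 'No unapproved members of the local Administrators group.'
}
```

Running this as a scheduled task, or via `Invoke-Command` against a list of workstations, turns the one-time privilege cleanup into an ongoing control that catches users or helpdesk staff quietly re-adding themselves.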