Skip to the main content.

solutions mega inset

3 Reasons the Co-Managed IT Model Might Be the Perfect Fit

Focusing on investing in IT can provide a better outcome in the long run, as it helps in avoiding issues and maintaining high performance. So it is always recommended to opt for quality service rather than compromising on the budget.

Read Now



Yellow quotations

We aim to help our clients soar to new
heights, by setting our sights on the mission
total client reassurance. Then create a
flight plan, lock in our course, and take-off.
We’ve got your six!

Weve got your six defense badge - Graphics - Sixwatch


Sixwatch has meticulously crafted educational content, deploying it swiftly into the technology and cybersecurity airspace, ensuring our customers and followers remain perpetually informed and mission-ready.

Sign Up
Yellow Line


Stronger Together

We’ve got your six. Sixwatch is the premier managed IT service provider offering our clients the depth and scope of IT consulting, cybersecurity, support, and leadership services.

contact hyde house


2 min read

How to Improve Cybersecurity by Restricting Local Admin Accounts

How to Improve Cybersecurity by Restricting Local Admin Accounts

Many businesses are unwittingly making themselves more vulnerable to cyberattacks by allowing their employees to have administrative user accounts on their computers.

Computers typically allow for two types of user account:

  • Standard user accounts – for those users who need to run applications but who should be limited or restricted in their administrative access to the computer.
  • Administrative user accounts – for administrators who need complete control over files, folders, services, and local user permission management. Admin accounts are the default setting in Windows.

Most users naturally prefer having admin access on their devices, because it means they can easily make their own updates, download their own software, and run whatever applications they want without having to submit a request and wait for approvals to perform an action. In fact, whenever we recommend limiting or eliminating local admin accounts for our clients, we tend to get a lot of push back, which is totally understandable.\

However, it is much better for employees to go through a minor inconvenience than risk a massive cyber-attack or data breach. Such attacks can damage reputations, lead to significant financial losses, and even, in some cases, put a company out of business.

Don’t Give Cybercriminals a Way in

We live in a period where social engineering attacks are used as a primary mode to trap people into exposing their credentials. All a hacker needs to execute a massive attack against your business is access to one local admin account. Once a cybercriminal gets a foothold in your network – from one compromised Windows host – they can move laterally in your network and wreak havoc. Local admin accounts are almost always (90% of the time) a major root cause of data breaches.

Best Practices to Manage Risk

Local admin accounts carry significant security risks, and improper management could lead to disastrous situations. In sophisticated attacks, hackers may dwell undetected for a long time.

At Sixwatch, some of the approaches we take to manage risk include:

  • Eliminate local admin accounts and use local standard accounts for all users. From a governance perspective, this creates a need for a request- approval policy which can cause delays but creating a process for this can align expectations and reduce frustration.
  • In rare instances where a user needs local admin rights (i.e. such as access to a mission-critical app like Quickbooks), we implement and document compensating controls and ensure that the devices used have priority in the patch management program.
  • Any user with local admin rights should also have multi-factor authentication (MFA) enabled in every single place where it is available. MFA is a multi-layered security process which requires a user to present a combination of two or more credentials to verify identity before they are allowed to log in to a system.

While these best practices are vital to improving your cybersecurity efforts, there are a wide range of additional protective measures we can put in place to help you secure your valuable data.

SIXWATCH in Tampa provides scalable security solutions that can help protect your business against the latest cyberthreats and scams. To learn more about our top-tier cybersecurity and managed IT services and how we can help you, visit our website or contact us today. We’ve got your back.

A Digital Cleaning Is What Your Business Tech Needs

Digital cleaning, such as checking for outdated technology, may be more impactful than you think. Recent statistics show that cybercrimes occur more...

Read More

3 Creative Ways to Motivate Your Remote Workforce

According to a Harvard Business Review study, 71 percent of the managers surveyed believe that employee engagement is one of the most critical...

Read More

Why Your Business Needs a Data Recovery Plan

We all know how important our business data is in today’s digital world. We are creating and using tons of new data every day. In fact, according to...

Read More