How to Improve Cybersecurity by Restricting Local Admin Accounts

Apr 15, 2022 | Blog

Many businesses are unwittingly making themselves more vulnerable to cyberattacks by allowing their employees to have administrative user accounts on their computers.

Computers typically allow for two types of user account:

  • Standard user accounts – for those users who need to run applications but who should be limited or restricted in their administrative access to the computer.
  • Administrative user accounts – for administrators who need complete control over files, folders, services, and local user permission management. Admin accounts are the default setting in Windows.

Most users naturally prefer having admin access on their devices, because it means they can easily make their own updates, download their own software, and run whatever applications they want without having to submit a request and wait for approvals to perform an action. In fact, whenever we recommend limiting or eliminating local admin accounts for our clients, we tend to get a lot of push back, which is totally understandable.\

However, it is much better for employees to go through a minor inconvenience than risk a massive cyber-attack or data breach. Such attacks can damage reputations, lead to significant financial losses, and even, in some cases, put a company out of business.

Don’t Give Cybercriminals a Way in

We live in a period where social engineering attacks are used as a primary mode to trap people into exposing their credentials. All a hacker needs to execute a massive attack against your business is access to one local admin account. Once a cybercriminal gets a foothold in your network – from one compromised Windows host – they can move laterally in your network and wreak havoc. Local admin accounts are almost always (90% of the time) a major root cause of data breaches.

Best Practices to Manage Risk

Local admin accounts carry significant security risks, and improper management could lead to disastrous situations. In sophisticated attacks, hackers may dwell undetected for a long time.

At Sixwatch, some of the approaches we take to manage risk include:

  • Eliminate local admin accounts and use local standard accounts for all users. From a governance perspective, this creates a need for a request- approval policy which can cause delays but creating a process for this can align expectations and reduce frustration.
  • In rare instances where a user needs local admin rights (i.e. such as access to a mission-critical app like Quickbooks), we implement and document compensating controls and ensure that the devices used have priority in the patch management program.
  • Any user with local admin rights should also have multi-factor authentication (MFA) enabled in every single place where it is available. MFA is a multi-layered security process which requires a user to present a combination of two or more credentials to verify identity before they are allowed to log in to a system.

While these best practices are vital to improving your cybersecurity efforts, there are a wide range of additional protective measures we can put in place to help you secure your valuable data.

SIXWATCH in Tampa provides scalable security solutions that can help protect your business against the latest cyberthreats and scams. To learn more about our top-tier cybersecurity and managed IT services and how we can help you, visit our website or contact us today. We’ve got your back.

More Insights