Administrative privilege is designed to give a user complete control over all aspects of their computer. This includes the ability to install and uninstall programs, run macros, and enable and disable applications. Whilst this may seem practical for individual users, the default settings for many businesses is to allow all employees to have administrative access over their systems. Unfortunately, this can lead to cybersecurity breaches. A 2016 report stated that 80% of all data breaches involved the use of privileged credentials in some manner.(1)
Minimising administrative privileges minimises the threat of cyber-attacks as general users won’t have the administrative authority to download and install malicious code (malware). This is why Restricting Administrative Privileges is one of the Australian Cyber Security Centre’s (ASCS) Essential 8 strategies, recommended for businesses to implement to mitigate cyber-attacks.
Our GOLD and higher Cybersecurity Management System (CSMS) packages include management and implementation of Restricting Administrative Privileges; ensuring all employees have the required permissions needed to maximise productivity.
Restricting Administrative Privileges, also known as a Least-Privileges Administrative Model, is the practice of only enabling the minimal computer administrative privileges needed by an employee to carry out their daily operational duties.
In most cases, this will mean creating single point user accounts with restricted access for all employees. However, some departments, such as Accounting or HR, may require additional privileges to access financial and/or personnel information. This is where a hierarchy of privileges needs to be established; with absolute minimal users assigned overall administrative rights. The top administrative users then manage the administrative privilege levels of all users across the organisation.
Restricting Administrative Privileges is highly important, as reducing the number of people who have access to critical systems, reduces the risk of hackers being able to access it. This is because most user profiles will not have the authority to download and install programs, thus, malware and exploit kits will likewise not have access to install themselves on the system.
An important part of managing privileges is to review and update regularly to ensure it does not impact an employee’s ability to undertake their work.
Restricting Administrative Privileges is an ACSC Essential 8 mitigation strategy designed to limit the extent of cybersecurity incidents. Implementation of a hierarchy of privileges can have a range of business-wide benefits. Here are our top five reasons to implement Restricting Administrative Privileges.
In the occurrence of a cyber-attack, businesses that have implemented least privileges principles will experience much less damage to their systems. This is because, when a hacker accesses a computer, they can quickly gain control of the ‘rights’ of the computer. By ensuring the user has minimal administration rights, the hacker will also have minimal privileges, and this will restrict the level of damage they can induce.
The 2017 IBM Cybersecurity Report stated that companies take, on average, 191 days to recover from a cyber-breach.(2) Implementing privilege levels reduces the spread of malware, easily containing the infection, therefore, making it easier to remove. This means less downtime for businesses.
Gaining access to companywide administrative privileges is the holy grail for hackers. Once accessed, hackers can implement a wide range of destructive codes to gain access to files, implant ransomware or simply spy on company dealings. Therefore, protecting this access is vital for all businesses.
Control over all levels of privileges makes it easier for IT teams to implement company-wide updates and patches which can further protect businesses from cyber-attacks. Swift updating can minimise downtime for employees, reducing frustration and increasing efficiencies.
Unfortunately, and rarely, disgruntled employees can cause major issues for businesses by accessing privileged areas and stealing data or resources, or, implanting malware. Limiting privileges across the businesses prevents both outside and inside cyber incidents.
The ACSC Essential 8 strategy highlights three key areas relevant to managing administrative privileges.
Firstly, the recommendation is to only allow employees access to operating systems and applications bases on their duties and responsibilities. This means assessing individual employees’ roles and requirements and establishing a privilege hierarchy across the business.
Secondly, there is a need to review and revalidate the need for privileges regularly to ensure users don’t have access to irrelevant features, as well as ensure that all employees have access to everything they need to maximise their productivity.
Lastly, privileged administration accounts should sit in silo and not have access to email or web-browsing. This means there should be only a very small number of administrative privilege accounts and they are only used for network-wide authoritative measures. It also ensures that there is minimal potential of cyber-attacks occurring on the administrative system, and thus gaining the ‘keys to the kingdom’.
Establishing the hierarchy, monitoring privileges and ensure compliance can be difficult for businesses to manage on an ongoing basis. Our CSMS and higher GOLD packages take care of all this for you. For companies without an IT department, we can also manage your privileged administrator account to make sure no malicious programs gain access to your systems.
Get in touch with our friendly team, we can provide you with all of the information you need to make the best decision for your business.Contact Us