With top-level access, the administrator holds the keys to the business: they can change settings, update passwords, lock accounts, create accounts, and grant or remove privileges across all areas of the business. Naturally, these privileges are the most sought after by hackers, because with them they too gain these high-level abilities and can cause havoc across the whole organisation.
There are many ways a hacker can gain access to systems, and user error works in their favour. Administrators must not succumb to such errors, but it is unreasonable to expect that accidents will never occur. Providing a separate user account solely for administrative purposes (ideally on an independent, clean device) will eliminate the threat vector that such errors create and prevent cross-contamination from everyday tasks. A standard user account can then perform typical tasks but has no ability to change the network’s security or functionality.
On this separate admin account, strict policies that support best practice can be enforced, policies that would otherwise be difficult to impose on a standard user. This includes taking the admin account offline.
Many cyber threats stem from phishing (fraudulent email that manipulates the recipient into reacting to a request), with 86% of businesses experiencing this attack within the last 12 months (Department for Digital, Culture, Media and Sport, 2020). As these emails become ever more convincing, it becomes challenging to distinguish genuine communication from fraud. The more genuine the scam seems, the more likely the recipient is to click on the link or attachment, spreading malware onto systems or divulging sensitive information. With every staff member reliant on email, anyone is susceptible to a phishing campaign. Never allowing users to check, send or receive email on the administrator account fully eliminates phishing temptations.
Spoofed websites that appear genuine can be traps to spread malware or steal information that you would normally provide to the legitimate website. Likewise, adverts on social media platforms can also be malicious. These issues are avoidable by prohibiting website browsing and social media access as an administrator. Any site needed for an administrative task carried out via the web browser must be whitelisted as a trusted source, giving direct access to the genuine site and less risk of falling victim to spoofed sites.
Cyber criminals are quick off the mark to exploit vulnerabilities before a patch is released (known as a zero-day attack). By only installing apps required for administration purposes, you can reduce the attack surface and entry points available to exploit through unpatched software, and your patch management regime becomes easier to maintain.
Any preventative measures you have in place are imperative, both against brute-forced entry into systems and for recovery from cyber incidents. Much like a door, it is far easier to walk through when it is wide open than when it is locked shut. But no security solution is fully impenetrable. Insider threat is also a concern, as insiders already bypass many security solutions. Keeping the admin account separate and offline prevents unauthorised access in the event of compromise to the network.
Assuming a “worst-case scenario”, what you can do is reduce the impact an attack has on your organisation by strategically managing staff privileges, that is, categorising the level of access staff have to resources within the business network. In doing so, the cyber criminal will be limited to the access of the compromised user only, reducing the likelihood that they obtain information or control over your systems. To this end, it is crucial to restrict elevated capability to those with a genuine need for it, especially for administrative controls. Having fewer users with admin privileges makes it far easier to enforce the policies discussed.
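The following is an added example, not part of the original article: a short Python audit that checks an account inventory against the policies discussed above (a separate admin account, no email, whitelisted browsing only, admin-only apps). The inventory, its field names and the approved-app list are constructed assumptions for illustration.

```python
# Constructed inventory; field names and values are assumptions for this example.
ACCOUNTS = [
    {"name": "alice", "admin": False, "daily_use": True, "mailbox": True,
     "web": "unrestricted", "apps": {"mail", "browser", "office"}},
    {"name": "alice-adm", "admin": True, "daily_use": False, "mailbox": False,
     "web": "allowlist", "apps": {"mgmt-console"}},
    {"name": "bob", "admin": True, "daily_use": True, "mailbox": True,
     "web": "unrestricted", "apps": {"mail", "browser", "mgmt-console"}},
]
ADMIN_APPS = {"mgmt-console", "backup-agent"}  # constructed approved-app list


def audit_admin(account, admin_apps=ADMIN_APPS):
    """Return the policy findings for one account (empty list = compliant)."""
    if not account["admin"]:
        return []  # standard users are out of scope for the admin rules
    findings = []
    if account["daily_use"]:
        findings.append("admin rights on an everyday account")
    if account["mailbox"]:
        findings.append("email enabled on admin account")
    if account["web"] not in ("none", "allowlist"):
        findings.append("unrestricted web browsing on admin account")
    extra = sorted(account["apps"] - admin_apps)
    if extra:
        findings.append("non-admin apps installed: " + ", ".join(extra))
    return findings


def audit(accounts, admin_apps=ADMIN_APPS):
    """Map each non-compliant admin account name to its list of findings."""
    report = {}
    for acct in accounts:
        findings = audit_admin(acct, admin_apps)
        if findings:
            report[acct["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```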
And it’s not only at work where separating administrative tasks comes in handy; this technique can be applied at home too.
The set-up will be on a single home device in plain sight, so you must remember to lock down the account with a strong, unique password. Our home browsing habits are more relaxed and we expose ourselves to phishing attacks through subscriptions, marketing notifications and more, making it important to safeguard the home network through best practice, especially when we work from home. The benefits of securing your admin capabilities at home are similar to those already considered. Additionally, you can oversee parental controls and prevent children from changing the settings themselves.
Nowadays, it is a matter of “when” not “if” a cyber attack occurs. So, when it comes to administrative tasks, never allow cyber criminals to take advantage of human error. Keep admin tasks separate; take the user account offline; and enforce strict policies.