In the offline world, we don’t let just anyone wander around our offices looking into files and opening drawers and cabinets. We have role-based security to keep things safe and secure.
However, in the online world, businesses that give everyone administrative rights — usually because it’s more convenient to do so — are violating this fundamental security principle and putting their data and reputation at risk. Here are four reasons why giving everyone administrative rights is a bad idea:
1. Newbies Can Unleash Havoc
People who are new to the organization — a.k.a. newbies — can unintentionally unleash havoc by doing things on the network that may have been okay in their previous company, but are definitely not permitted in their new one. For example, torrenting or downloading unauthorized software can consume the whole corporate office’s Internet bandwidth. Data loss can also occur when a cryptolocker infection spreads rapidly through corporate shares.
2. Rogue Insider Threats Are Real
Although it’s not common, the fact is that insider threats are a real possibility these days. What’s more, this can happen to organizations that we would least expect. Giving everyone administrator rights could lead to devastating data leaks, and even fines and lawsuits.
3. Sometimes Guests Take Over
Have you ever invited a guest to stay at your house, and then all of a sudden they take over? Well, that can happen to your network as well, because sometimes cyber criminals are disguised as guests. This is an even bigger risk since security is generally more relaxed for guests than employees (e.g. they may have their own laptop, which is not controlled by corporate policies).
4. Hackers Enter Through the Back Door
Many businesses have strong perimeter security and good threat detection systems. So, does that mean hackers give up and choose a different line of work? No, they adapt by going through the back door — usually by spear phishing users who have weak passwords yet full administrator rights, then gliding right into the network without setting off any alarm bells.
How Role-Based Security Helps
A password manager like Devolutions Password Server (DPS) makes it easy to give each type of user the access appropriate to their role (and no more than that!). Plus, when Devolutions Password Server is used in combination with Remote Desktop Manager, it becomes the single pane of glass for any IT department: it integrates password and credential vaulting with a robust and efficient remote connection management solution — and it can all be accessed through a simplified and familiar web interface.
Click here to try Devolutions Password Server in your environment free for 30 days. And keep newbies, rogue insiders, fake guests and hackers from invading your network!
From Our CISO:
Here is an additional warning from our CISO Martin:
Most organizations don’t even realize that they actually ARE giving administrative access to EVERYONE. It all starts with some exceptions. Then, with a lack of clear policies, controls and monitoring, a few permissive privilege occurrences get out of control. What was temporary becomes permanent, and what was required for a task is now taken for granted. Permitting new administrative accesses augments the likelihood and the impact of a successful breach on your organization. Identify, control and monitor your privileged access periodically!
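The CISO's closing advice (identify, control and monitor privileged access periodically) can be turned into a routine check. The script below is an added example for this post, not Devolutions code and not part of the original article: it reviews a constructed account inventory against a role model and flags the three situations described above, namely rights that exceed the role with no exception on record, a temporary exception that has expired but was never cleaned up, and accounts nobody has re-certified recently. The role names, privilege levels, the 90-day re-certification interval and every sample account are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Privilege each role is entitled to (constructed role model for this example).
ROLE_PRIVILEGE = {
    "guest": "guest",
    "helpdesk": "user",
    "developer": "user",
    "sysadmin": "admin",
}
PRIVILEGE_RANK = {"guest": 0, "user": 1, "admin": 2}
REVIEW_INTERVAL_DAYS = 90  # assumption: privileged access is re-certified quarterly


@dataclass
class Account:
    name: str
    role: str
    effective_privilege: str                  # what the account can actually do today
    exception_expires: Optional[date] = None  # set when extra privilege was granted as a temporary exception
    last_reviewed: Optional[date] = None      # last time an owner confirmed the access is still needed


def review_account(acct: Account, today: date) -> list:
    """Return (severity, message) findings for one account."""
    findings = []
    entitled = ROLE_PRIVILEGE[acct.role]
    if PRIVILEGE_RANK[acct.effective_privilege] > PRIVILEGE_RANK[entitled]:
        if acct.exception_expires is None:
            # "What was temporary becomes permanent": nobody ever recorded an end date.
            findings.append(("high", f"has {acct.effective_privilege} rights but role "
                                     f"'{acct.role}' entitles only '{entitled}', and no exception is on record"))
        elif acct.exception_expires < today:
            findings.append(("high", f"temporary exception expired on "
                                     f"{acct.exception_expires.isoformat()} but rights were never removed"))
        else:
            # Elevated, but under a tracked exception that still has an end date: monitor, don't block.
            findings.append(("info", f"elevated under an exception that ends "
                                     f"{acct.exception_expires.isoformat()}"))
    if acct.last_reviewed is None or (today - acct.last_reviewed).days > REVIEW_INTERVAL_DAYS:
        findings.append(("medium", f"not re-certified in the last {REVIEW_INTERVAL_DAYS} days"))
    return findings


def review(accounts: list, today: date) -> dict:
    """Run the review over an inventory; accounts with no findings are omitted."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if findings:
            report[acct.name] = findings
    return report


def unexpected_admins(accounts: list, today: date) -> list:
    """Names of accounts holding privilege above their role without a valid exception."""
    return sorted(
        name
        for name, findings in review(accounts, today).items()
        if any(severity == "high" for severity, _ in findings)
    )


# Constructed sample inventory; names and dates are made up for the example.
TODAY = date(2024, 3, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", "sysadmin", "admin", last_reviewed=TODAY - timedelta(days=10)),
    Account("bob", "developer", "admin", exception_expires=date(2023, 11, 30),
            last_reviewed=TODAY - timedelta(days=30)),
    Account("carol", "helpdesk", "admin"),
    Account("dave", "guest", "admin", exception_expires=TODAY + timedelta(days=14),
            last_reviewed=TODAY - timedelta(days=5)),
    Account("erin", "developer", "user", last_reviewed=TODAY - timedelta(days=200)),
]

if __name__ == "__main__":
    for name, findings in review(SAMPLE_ACCOUNTS, TODAY).items():
        for severity, message in findings:
            print(f"[{severity}] {name}: {message}")
```

Run against the sample inventory, only alice comes out clean: bob and carol are the accounts whose admin rights should be removed today, dave is elevated under a tracked exception and simply needs watching until it ends, and erin's access is correct for her role but overdue for re-certification. In practice the inventory would be exported from the directory or the password vault rather than hard-coded, and the "high" findings would feed a ticket or an alert rather than a print statement.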