In The Trenches LogoThe Devolutions Blog Logo
The Front Line Against
IT Chaos & Cyber Threats

4 Reasons Why Giving Everyone Administrative Rights is a Bad Idea

Giving Everyone Administrative Rights Bad Idea

In the offline world, we don’t let just anyone wander around our offices looking into files and opening drawers and cabinets. We have role-based security to keep things safe and secure.

However, in the online world, businesses that give everyone administrative rights — usually because it’s more convenient to do so — are violating this fundamental security principle and putting their data and reputation at risk. Here are four reasons why giving everyone administrative rights is a bad idea:

1. Newbies Can Unleash Havoc

People who are new to the organization — a.k.a. newbies — can unintentionally unleash havoc by doing things on the network that may have been okay in their previous company, but are definitely not permitted in their new one. For example, torrenting and downloading unauthorized software that can consume the whole corporate office’s Internet bandwidth. Data loss can also occur through corporate shares that rapidly spread a cryptolocker infection.

2. Rogue Insider Threats Are Real

Although it’s not common, the fact is that insider threats are a real possibility these days. What’s more, this can happen to organizations that we would least expect. Giving everyone administrator rights could lead to devastating data leaks, and even fines and lawsuits.

3. Sometimes Guests Take Over

Have you ever invited a guest to stay at your house, and then all of a sudden they take over? Well, that can happen to your network as well, because sometimes cyber criminals are disguised as guests. This is an even bigger risk since security is generally more relaxed for guests than employees (e.g. they may have their own laptop, which is not controlled by corporate policies).

4. Hackers Enter Through the Back Door

Many businesses have strong perimeter security and good threat detection systems. So, does that mean hackers give up and choose a different line of work? No, they adapt by going through the back door — usually by spear phishing and targeting users who have weak passwords yet full administrator rights, and then glide right into the network without setting off any alarm bells.

How Role-Based Security Helps

A password manager like Devolutions Password Server (DPS) makes it easy to give different types of users the appropriate access (and no more than that!) based on their role. Plus, when Devolutions Password Server is used in combination with Remote Desktop Manager, it becomes the single pane of glass of any IT department: it integrates passwords and credentials vaulting with a robust and efficient remote connections management solution — and it can all be accessed through a simplified and familiar web interface.

Click here to try Devolutions Password Server in your environment free for 30 days. And keep newbies, rogue insiders, fake guests and hackers from invading your network!

From Our CISO:

Here is an additional warning from our CISO Martin:

Most organizations don’t even realize that they actually ARE giving administrative access to EVERYONE. It all starts with some exceptions. Then, with a lack of clear policies, controls and monitoring, a few permissive privilege occurrences get out of control. What was temporary becomes permanent, and what was required for a task is now taken for granted. Permitting new administrative accesses augments the likelihood and the impact of a successful breach on your organization. Identify, control and monitor your privileged access periodically!

Derick St-Hilaire

Hello there! My name is Derick St-Hilaire, and I’m the Salesforce Administrator here at Devolutions. I’m one of the more experienced employees here at Devolutions, and it has been amazing to see the company and community grow over the years. My primary responsibilities include managing our Salesforce platform, and working closely with our strategic partners and customers. I also oversee the management of Devolutions Force, which is our VIP Advocate Community. Academically, I have a bachelor’s degree in marketing. When I’m not working, I enjoy camping, walking my dog, playing video games, and I’m a huge movie fan — including the Star Wars franchise of course. If you would like to join Devolutions Force, or if you wish to get in touch, then you are welcome to contact me directly at dsthilaire@devolutions.net.

Follow us by Email

Delivered by FeedBurner

Devolutions is a leading provider of remote connection, password and credential management tools for sysadmins and IT pros.

DEVOLUTIONS.NET | 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada | infos@devolutions.net
All rights reserved © 2022 Devolutions