Your organization has all of the latest bells and whistles in place to keep your IT infrastructure secure. There is an enterprise level firewall, encrypted servers, and an up to date antivirus installed on every workstation. However, there is one oversight that is a problem within many organizations; employees with administrative level computer access.
I know it sounds odd, “My employees are a security threat to my business?” Yet for almost a decade now, security experts have stated that the No. 1 way to reduce security risks is to prevent users from using administrative or root-level accounts.
I came across a recent article from InfoWorld about end-users with admin-level access. It mentions that “Locked-down desktops have few support issues since users aren’t installing buggy, unapproved apps, slowing down their systems, and throwing up blue screens all the time.”
By limiting end-users administrative privileges, your organization can save time and money by not having to commit your IT personnel to excessive troubleshooting and system rebuilding.
Mauricio Cornejo, an IT Consultant here at NSK Inc had a run in with a serious issue involving an employing having admin-level privileges.
According to Cornejo:
The user that has admin access from the company was trying to remove a user that she created. Instead of verifying that she was highlighting the one specific user, she had the sub-folder in the organizational unit highlighted and removed it from Active Directory.
This caused all of the users who were in that folder lose access to the domain and their email. Luckily, we were able to restore everything back from the latest backup that had run the previous night so that the Active Directory was up and running again in only a few hours.
Thanks to a reliable Backup Disaster Recovery system, and Cornejo’s savvy IT skills, a complete disaster was avoided in that the issue was resolved in a couple of hours. Still a few hours multiplied by twenty employees is a lot of time lost.
It’s just something to think about. Most employees rarely (if ever) need administrative-level access on their workstations or network.