People are the biggest security to risk to your systems. The vast majority of malware, viruses and drive-by downloads will be installed as a result of users; this could be by clicking a link in a phishing email, to visiting a dodgy site, to installing their own software. However, there is a simple solution to this kind of issue which will stop the majority of malicious/unwanted software in its tracks - removing local admin rights.
Local admin rights are the administrative permissions that a user has on their device. Users will often be able to install anything they want on their devices at work - whether it's relevant to their work or not. Whereas bigger businesses often remove local admin rights as default, it's not something that SMEs tend to think about. However, removing local admin rights is a really useful way of controlling what is installed and changed on devices within your business.
'With local admin rights, anything you click on can install automatically,' says IT support technician Kirk Conway. 'If the user isn't IT savvy, they could accidentally install malicious software - and it only takes a single click.'
Once malicious software has infected a single device, it can spread to every other device connected to the same network - so a single dodgy link can lead to a whole load of trouble for businesses.
'As a manager, if you remove local admin rights, your colleagues would then receive a login box each time they tried to install or remove something on their device.' says Kirk. 'You can then login with your administrative details to authorise the installation or prevent it. You're actively consenting to everything installed on your employees' devices.'
Removing local admin rights provides an extra layer of security to your systems. If your employees are receiving the prompt for administrative details when they haven't attempted to install anything, that's a good sign that some malicious software is trying to run on the machine. In that instance, you can choose not to authorise the download, and the virus is unable to run.
'It doesn't stop you downloading stuff, or acquiring the files, it's purely that you can't open or install new software,' says Kirk. 'Removing local admin rights is a very basic way of protecting your users from themselves.'
However, removing these rights does have a downside. As a user, if you're working remotely and you need to install an update on your machine, you can't without the details from the administrator. This could ultimately decrease security or even render the device unusable. Users would have to get in touch with their administrator or their IT team, who could then connect your computer to the network.
'It does make installing software or updating your printer slightly more complicated,' says Kirk. 'It could stop your USB drive from being plugged into your device, for example. It's not going to suit every business - you have to balance the need for security and ease of access.'
'But it's not just beneficial from a security perspective. It stops any unauthorised software being installed, downloads, games, programs, everything that you don't want your employees to be using their work devices for. And it stops users accidentally deleting very important programs and processes.'
So should businesses remove these rights? Kirk wouldn't recommend doing it immediately, 'It's not a difficult thing to put in place, but I'd recommend having a chat with your IT support team first - give us a call, rather than trying to implement it yourself. We can assess the pros and cons, how it would work and the impact it would have on their business.'
To chat to us about local admin rights, give us a call on 0191 482 0444
