Computer Access Control

If an attacker managed to compromise your device, they can do far more damage if they gain access to that device’s admin account. Without admin access they would not be able to install new software or make changes to other user’s accounts on the device. With admin access, there is very little they couldn’t do.

Computer access control is a security approach which determines who or what can view or utilise resources on a device or network. It is a basic cybersecurity concept that reduces your organisation’s risk of data breaches.

Many Windows users make an admin account when setting up their machine, then continue using that once the machine is set up and never think about it again. Or they use a separate account which has the same administrative privileges. This is not a good idea!

Using an admin account means that you have access to the entire system, including the ability to install new applications. While this might sound useful, the risk is that if your account is compromised by a hacker, they now also have full administrative access to your entire system. This includes the ability to install ransomware, or to uninstall your antivirus or ransomware protection.

Hackers are just one risk, but another is accidentally breaking things yourself. If a user is logged in as an admin and is tricked into downloading a piece of malicious software, they may end up installing it themselves, believing it to be something genuine.

Put simply, only use admin accounts for admin tasks. Set up basic logins with restricted privileges and have team members use those as their main account for day-to-day tasks. Apart from your IT admin (or managed services provider), users in a business should not be installing or uninstalling software on their own machines anyway.

Once users have the required applications for their role installed, they should never have to use the admin login. If they do need administrative changes made, they can contact your IT administrator and request that they make a change for them.