By the DynaSis Team
In Greek mythology, Pandora was a woman who accidentally unleashed all the ills of the world because she couldn’t resist opening the box that was holding them captive. For small and medium-sized businesses (SMBs), administrative access at the user level―letting untrained employees have full access to their desktop and potentially the company’s IT systems at the administrative level―is the Pandora’s Box of technology. Making matters worse, many employees don’t even know they have access to the box, so they open it unwittingly.
Here’s how this happens. Windows automatically configures the default user account as an Administrator. A Windows Administrator account is an unrestricted account that can make system-wide changes to the computer with no additional authorization or privileges.
SMBs that install new PCs for their personnel, or allow them to work from any PC or mobile device outside their scope of control, may unknowingly empower these individuals with Administrator access. Administrative accounts provide a direct pathway to root (hidden, low-level operating) settings and other built-in mechanisms for making any system change―not just beneficial ones.
If cyberattackers get access to a PC with an Administrator account, perhaps through a phishing email, infected site or other mechanism, they can then execute scripts, launch exploit kits (malicious toolkits that exploit security holes) and perform other actions at the root level. Many, if not most, actions running at this level will not alert the user, so destructive activities can continue, unchecked, potentially for the life of the PC.
If a device with Administrator privileges is authenticated to connect to the company network, the cyberattackers can easily penetrate the network as well, potentially taking over the entire network for use as a bot (a form of automated attendant) to spread more phishing messages, steal data, and infect other connected devices automatically and decisively.
This can occur on every PC on the network unless a user or an IT pro intentionally sets up a user account without administrative privileges. Doing so is a crucial, but often overlooked, step in securing corporate defenses. Making matters worse, many “IT-aware” (but not IT-trained) business owners and employees have heard that the hidden Administrator account built into the Windows OS is disabled by default due to security concerns. This measure, in place since Windows Vista, was an important, needed change, but it does not provide any protection for the default Administrator account at the user level.
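One way to check a PC for the situation described above, as an added example that is not part of the original article: it lists every member of the local Administrators group and separates the built-in Administrator account from everyday user accounts that also hold administrator rights. The function name `Get-LocalAdminAudit` is hypothetical; the script assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: audit which accounts on this PC hold local Administrator rights.
# Get-LocalAdminAudit is a hypothetical helper name, not a built-in cmdlet.

# Well-known SID of the local Administrators group (same on every Windows install,
# regardless of display language).
$adminGroupSid = 'S-1-5-32-544'

function Get-LocalAdminAudit {
    $members = Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop
    foreach ($m in $members) {
        # The built-in Administrator account always has a SID ending in -500.
        $isBuiltIn = $m.SID.Value -match '^S-1-5-21-.*-500$'

        # Enabled state can only be read here for local user accounts;
        # domain or cloud principals are reported with Enabled = $null.
        $enabled = $null
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $enabled = (Get-LocalUser -SID $m.SID).Enabled
        }

        [pscustomobject]@{
            Name                 = $m.Name
            Type                 = $m.ObjectClass
            Source               = $m.PrincipalSource
            BuiltInAdministrator = $isBuiltIn
            Enabled              = $enabled
        }
    }
}

$audit = @(Get-LocalAdminAudit)
$audit | Format-Table -AutoSize

# The case the article describes: the built-in Administrator may be disabled,
# yet the account people log in with every day is still an administrator.
$risky = @($audit | Where-Object {
    $_.Type -eq 'User' -and -not $_.BuiltInAdministrator -and $_.Enabled -ne $false
})

if ($risky.Count -gt 0) {
    Write-Warning ("{0} everyday user account(s) have Administrator rights: {1}" -f `
        $risky.Count, ($risky.Name -join ', '))
} else {
    Write-Output 'No everyday user accounts are members of the local Administrators group.'
}
```

Before demoting a flagged account with `Remove-LocalGroupMember`, confirm that a separate, enabled administrative account exists for IT use so the PC does not lose its only administrator.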
Administrator-level users (called superusers in the IT world) are a primary mechanism for infection among SMBs. Given that the rate of targeted attacks against SMBs has more than doubled since 2011, and the ratio of data breaches to company size is 15 times higher for SMBs than for larger firms, the default Administrator account is something every SMB should address as soon as possible. To learn more about cyber security or discuss scheduling a security assessment to determine your level of risk, please give us a call.