Skip Navigation

Should Companies Grant Users Admin Privileges on Their Work Machines?

By: Colin Murray, ITMG Insider Threat Analyst

Every business owner wants the members of their company to be able to innovate freely. Nobody wants to stifle the creativity of their employees. Employees should be able to download anything that they think may be able to improve their personal process, right? Many believe that disallowing employees from being able to do whatever it is that they want on their work machines is necessary. Conversely, companies believe that their business is better able to pivot when everyone can adjust and work in whatever way they see fit. And while this may be true, every employee having admin privileges over their own machine comes with a significant cost.

Employers may trust their employees completely. In a smaller business this is common. This issue is that it is not just employees that can take advantage of a machine with admin privileges. Any external bad actor that is able to find a way into a machine, by whatever means, is now inside your network and has the privileges to do just about anything that they want. You may trust your employees to not steal information, but you can never trust their machines to not get hacked.

Full access allows users to download anything that they want. This is great for customization and ease of access for those employees that mean well. For those that do not, however, it allows them to come up with an unlimited number of ways to circumvent your systems meant to keep intellectual property safe. Do you have a team that watches for concerning files leaving the network? An employee can respond to that by downloading an application that allows them to store fifty technical document pages in an image of the Easter Bunny that they are sending home. There are always new concerning applications appearing on the internet; allowing employees to download any of them is a massive security risk.

Most employees are not going to want to steal from their company. Hopefully employers are seeking to create an environment where that is unlikely to happen. But when a user has full access and they can do anything they want to on their machine then it begins to feel like exactly that, their machine. They start to mix up business use and personal use. They download the newest computer game launcher to come out of China that offers them a few free games. They start wandering to parts of the internet that are high risk and have nothing to do with their business purpose. 

There are reasons for users to have admin privileges. Weighed against the risk, though, it should never be something done by a company with even the smallest security concerns.

Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk

ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.

This entry was posted on Monday, April 18th, 2022 at 11:48 am. Both comments and pings are currently closed.