Administrator Rights is the highest level of permission given to a computer user. A user with admin rights (privileges) allows them to access anything within the system or network they are given administrative rights to. A user with these rights is given essentially “unrestricted access” to the entire system.
What does this mean for an SMB?
One of the best ways to protect your SMB from a major security breach is to implement the principle of Least Privilege by removing Administrator Rights from each employee operating a desktop computer. This single action can mean the difference between a major ransomware compromise incident and no incident at all.
Why? When your employee is tricked by a hacker into downloading and running malware on their computer, not having Administrative Rights should prevent the malware from installing. This lack of local computer system rights could prevent the malware from encrypting that users files as well as the files they can access to on network file servers!
Related Terms: Availability, Confidentiality, Integrity, Least Privilege, Need to Know