Least Privilege refers to the access that is given to a user on a device or computer. Giving a user least privilege is to give a user account only the essential functions on the device needed to do their job. Giving a user least privilege helps protect individuals and companies from accidental disclosure of sensitive information, and sometimes the compromise of the computing environment users are operating within.
Why Should “Least Privilege” Matter to an SMB?
One of the best ways to protect your SMB from a major security breach is to implement the principle of Least Privilege by removing Administrator Rights from each employee operating a desktop computer. This single action can mean the difference between a major ransomware compromise incident and no incident at all.
Why? When your employee is tricked by a hacker into downloading and running malware on their computer, not having Administrative Rights should prevent the malware from installing. This lack of local computer system rights could prevent the malware from encrypting that users files as well as the files they can access to on network file servers!
Source: DABCC Inc.