Handing the keys of a Ferrari to an 18-year-old kid is ultimately a bad idea. The same can be said of giving all company employees administrative rights. User permissions are a critical business factor, one that may cost a business lots of money if not properly implemented. We’ll explain.
What Are User Rights?
PC Mag defines user rights as the authorization given to users (company employees) that enables them to access specific resources on the network, such as data files, applications, printers and scanners. There are numerous types of user roles. For example, a person can be a standard user, guest user, or administrator. These are only a handful of the roles company users can have. Typically, most company employees will fall under the category of standard users. These individuals can perform day-to-day tasks dedicated to their specific job role without needing higher-level user rights. An employee with higher rights can wreak havoc on a computer, or worse, on a company network. The last issue a business wants to experience is an employee’s PC being infiltrated by ransomware.
To summarize, user rights are specific permissions dedicated to an individual’s profile that allow them to perform specific actions on a computer. For instance, actions can range from downloading a file from the internet to accessing specific folders on a server. Planning out user rights ahead of time can save a company time and prevent future headaches.
Why Is It Important To Have User Rights?
We’ve come across numerous computer environments with all sorts of permissions granted to users. For instance, one environment we inherited had all company users as administrators. This is a big no-no! All users having administrative rights is like giving a kid the keys to a Bentley. Sure, the kid is excited about driving the Bentley, but chances are the car will end up being misused or, worse, totally undrivable.
I’d like to provide an example of why giving individuals admin rights is a bad idea.
ABC Accounting is a bookkeeping and accounting firm. The business performs services such as tax returns, small business audits, and bookkeeping. All employees have administrative user rights, meaning each person is free to perform any action on the computer. For example, an employee can download files from the internet or run installation files on their PC. One day, Employee A receives an email from a contact he’s been corresponding with. The email contains a PDF Employee A has been expecting. Without reviewing the email’s address or name, Employee A downloads a malicious file and corrupts the computer. What happened? Because Employee A failed to review the email’s entire message, he became a part of a phishing email scam. Likewise, the employee had administrative rights, which means he could download anything from the internet or perform any action. As a result of these two items, the PC is now unusable for the time being.
What’s worse is the employee can no longer work and contribute to the business. The example provided happens on numerous occasions. As a managed service provider, we strive to remain proactive with all our customers and provide phishing email education. For this scenario, had the user been a standard user, the downloaded PDF file would not have been executable.
Implementing User Rights Properly
The scenario above was meant to give a better understanding of how user rights work. Because user rights are such an important topic, we’d like to guide you on best implementation practices for your business. It is important to know that not every individual in the company needs administrative rights. For starters, administrative staff can perform daily tasks without needing admin rights. Secondly, middle management user rights can be elevated to a tier higher than administrative staff due to the nature of their work. Lastly, business owners want full control of their PC.
Understanding that the business belongs to the owners and that we simply manage the networked devices, we do not argue this point. However, we tend to educate the owner on best security practices and what to look for when interacting with foreign emails or software.
A simple strategy we use is to assign a “tech savvy” individual specific user rights. The user is a gatekeeper, so to speak, who reviews the downloads employees are attempting to perform. The gatekeeper can input her credentials to initiate the user’s download. Having a second pair of eyes review a download can help prevent bad user downloads.