Last month, we took on a new client — a consulting firm with 40 users.
Prior to working with us, they never had organized IT support. Each employee had their own company-issued laptop.
Complicated support issues and the office network were handled by one of the company’s software developers. (Hint: software development and systems administration, while both considered “IT,” require significantly different skillsets. A great programmer does not make a good systems/network administrator.)
From an overall IT perspective, things were working fine… until they weren’t. Several people were starting to complain about slow computers. Somebody else opened a file attached to an email, thinking it was a resume. It wasn’t. It was a program that encrypted all of the files on that user’s computer and half of the files on the company’s server (we already have plans to move them to the cloud).
By the time we arrived on the scene to investigate, the company was in chaos. The problem was that all 40 users had admin rights on their computers, giving each of them unfettered access to install or do whatever they wanted.
That’s a mistake. Because while none of these people were doing anything deliberately harmful, it was only a matter of time before bad things began to happen.
Two Primary Areas of Concern
A company’s IT infrastructure (computers, firewall, network switches, wireless access points, etc.), is complicated. While there are clear advantages to the easy and efficient sharing of software, files, etc., that a company provides, there are also risks.
Each connected user has the theoretical ability to impact everyone else as well as the IT environment overall. That’s why it is critically important that there are controls in place to limit who can do what. Two reasons why this matters…
#1. Dangerous elements can be introduced into the network.
Most non-technical users don’t really know what they don’t know. They may install a program that appears to be legitimate but, in fact, is using all of the computer’s processing power to mine bitcoin! (This is an example of a Trojan Horse.) They may install a program that has a virus. They may download a “key-logger” program that tracks keystrokes surreptitiously, giving a hacker access to usernames and passwords.
And, because everything is interconnected, if the dangerous element (or person) gets on one machine, it can spread everywhere. Each user represents a door; admin access is the key that unlocks it.
#2. Support costs can increase.
The more software that is installed on a given machine, the more problems that can occur. For example, if someone downloads a program, they may unknowingly end up installing a bunch of other things that cause their computer to slow down and/or behave erratically.
These aren’t necessarily nefarious, as in #1 above, but they can still serve to create problems. Now your support staff needs to spend time and effort trying to figure out what happened and reverse it or, worst case, wipe the machine clean. Meanwhile, your employee’s productivity is negatively impacted.
What’s the Solution?
The key to minimizing these types of problems is to restrict the number of people in the organization who have admin access to their computers. That prevents users from installing or removing software, performing upgrades, or having access to system level files or settings (e.g., hard drive encryption, two-factor authentication).
Granted, this does add some administrative overhead in that users must now consult with the people responsible for IT if they need a particular piece of software or type of access. However, that small amount of additional time and coordination is more than worth it compared to what can happen otherwise!