Who holds the power to your computer systems?
Take us back 35-40 years and not only did nobody have any idea about the internet, but the job of an IT engineer was non-existent. As the internet emerged and technology began overtaking all expectations, new roles were created – the IT experts who must make sure the technology is under control and remains safe.
The computing firms and the engineers are just as essential to businesses today as the services they are using, because when issues appear the downtime can cost more than owners can afford.
One of the simple parts of protecting a business is thinking about who holds the power – the admin rights – to your computer systems.
If you are a domestic user or SOHO business (without a server) you can install anything you like on your own computer. Find it, download it, install it, and use it – all done in minutes.
In a server environment that is being properly managed by IT experts, through a support contract or similar assistance, the ability for people to install their own software is removed.
That ability remains with the experts who understand the questions that pop up on the screen – and know exactly when not to click that button.
In a business that is either maturing or lacking transparency over its IT operations, we quite often get users ringing us up demanding administrator rights or the password for the administrator account. We have to let them down gently and say no.
Not because we are precious about IT and want to do everything ourselves, but because we are precious about the computer systems we are protecting on behalf of our clients.
Often business owners do not realise the dangers that come with administrator rights, but in fact 80% of IT issues come about because something within the system has changed. If you do not have admin rights, it reduces the likelihood of things changing, which means your IT is more stable and less problematic.
The system is also automatically more secure: because you have removed the ability for software to be installed, malicious content in an email you receive or on a website you visit is less able to install itself on your computer and wreak whatever havoc it had in mind.
And this is one case where we are asking you to do as we say and do as we do! Even within our own office we do not give ourselves administrator privileges for day-to-day working.
If we have a Windows domain, then we maintain a separate domain administrator account for each person who requires administrator access from time to time. If an account is compromised or something changes, then security logs help tell us where to start fixing.
We then maintain separate passwords for each piece of equipment, device or software that requires a password and have service accounts for things like backup software, database servers, firewalls and so on.
And finally we document our passwords in a database that is encrypted and only accessible with super complex passwords and multi-factor authentication.
This is just one part of the layered approach all businesses should be taking with their technology security in the age we now live in. For advice or a second opinion on the security for your business, give us a call on 01952 303404.