Review privilege
Anything can happen in an onosecond. What’s an onosecond? It’s that indeterminate amount of time after you’ve clicked “submit” and you stop and say, “Oh no …”
There are some places where doing your daily work while logged into an account with excessive privileges can cause you a lot of trouble:
- Phishing attacks are extremely common. Is your individual account considered a “global administrator” in Microsoft 365? If that gets phished, your entire company gets compromised.
- Making your individual account a network administrator means it’s easy to log in to your servers and do administrative work. It also means your individual account is a great target for password attacks.
- With full network administrator access, it’s also a lot easier for that ransomware you just accidentally activated to go rummaging through all your servers.
Think about your third-party vendors too. If they need access to your network, do they really need domain admin, or would local server admin work?
Next steps
- Adjust access levels: Keep your individual account at the same access level as your users have. Keep your admin accounts separate and absolutely use different passwords for those.
- Keep your vendor accounts as minimal as needed: Don’t give vendors access to a greater scope than what they need and disable/delete them when you no longer work with them.
Review C-level access: Your C-suite execs are going to be targeted too. Yes, they run the company, but their daily driver accounts shouldn’t be allowed to “run” the company if they’re compromised.