Essential 8 strategy 5 – administrative privileges
Gatekeepers are an important part of any ecosystem. Think of a bouncer at a nightclub, they let responsible patrons in and keep out potential threats or risky individuals.
Strategy 5 - administrative privileges
Like the nightclub bouncer, people who are given administrative privileges (also known as admin accounts) are tasked with protecting a device's system by determining who can and can't access certain functions on their device.
Unlike standard users who only have control of part of their device's system, admin accounts have full access and can make changes that affect all users. This makes the system more stable and reliable and can reduce the number of changes made - both on purpose and accidentally.
Examples of administrative privileges include authorising certain applications to be downloaded onto devices, and accessing all files stored on a system, even if they're sensitive.
There are a few things you need to consider when setting up admin accounts, given the sensitive client data that you're responsible for. You should:
- set up technical controls on admin accounts to prevent account holders from exploiting their system access
- identify which staff members require this level of access to the system to do their job and reassess this requirement on a frequent basis
- develop a list of actions that can only be performed by an admin account.
You should remove access for admin account holders when they leave your business or no longer require this level of system access. If everyone has access to these system privileges, it defeats the purpose of having them in place.
Implementing this strategy adds another layer of protection to your system's major actions. It makes it more difficult for cybercriminals to gain unauthorised access to your system and it also safeguards sensitive information.
Learn how to restrict administrative privileges in our series on cyber safety strategies. Last modified: 17 Mar 2023QC 71841
- Visit the ACSC websiteExternal Link to find out more about implementing this strategy on different operating systems
- Visit our newsroom for previous Essential 8 articles