Tip - use administrator privileges sparingly

This is the ninth in a series of 12 tips to help you improve your online safety. In tip 5, we covered the fact that the Deloitte hack came about in large part because an intruder

just needed to acquire a single password from an administrator of the firm’s email accounts

Home and personal computers can be similarly susceptible - if a virus or other malware affects you while you’re logged on as the administrator account, then all data on your computer could be affected, or locked and made subject to a ransom.

What should I do?

Use a “standard” user account for everyday computing, rather than an “admin”-level user account (IT Security people talk of “the principle of least privilege”). You might choose to have a naming convention such as “John” and “JohnAdmin” so that it’s clear which account you’re using. This means that if you get a virus / other nasty, it has much more limited scope to install other software. If you only have a “John” account, which is an administrator, then add a second account (“JohnAdmin”). Log on to “JohnAdmin”, and change the user account “John” back to a standard user, and use the “John” account for all tasks. If you need to perform an administrator-level task (e.g. installing a program) you’ll be prompted for the details of the administrator account.


This article was originally published on the Online Safety Alliance