This is the start of a new series called “What to ask your IT professionals.” This series will provide you, the busy executive, with quick and important questions to discuss with IT. This series empowers you, as an executive, to broach topics that don’t “come up” in ordinary conversation.
There is a configuration that will make an enormous improvement in your security protection, and many companies are set up wrong!
Here’s something attackers know that you also need to know: The more power a user has, the more power an attacker will have when the attacker takes over that user’s account on your network.
Attackers can cause a great deal more damage if your IT professional is so busy that they do not modify settings that are misconfigured in a “standard installation” of Windows.
Ask your IT professionals: “Are any of our users configured to be a local administrator on their computer?”
The proper answer is “No. None of the users have any administrative rights on their computers.”
If they answer in any other way, direct them to “Fix it.”
If your IT Professionals have never heard of this problem, that’s okay. Don’t expect a brain surgeon to know about heart surgery. Both are incredibly intelligent and capable. IT is an enormous field. Give your IT professional a pat on the back from us too just for being in the profession.
If they don’t fix it for you immediately, sometimes their response to you may include, “Yes, some users are administrators because some of our software manufacturers require users to be local administrators.”
More on how to address that problem in our next newsletter.
Please forward this to your friends and post your comments below…