17 September 2021 / Elaboration

Why not all your employees should be account administrators

You’d think it’s easy: you give all of your employees administrator rights to their accounts and they will not disturb you every time they want to download a file or change a setting. But no convenience will ever make up for the dangers of giving everyone full access to their account. Here’s why granting every employee admin rights is synonymous with cyberattacks and data leaks.


To plan their next attack, hackers are always on the lookout for (overly) privileged account users who drop their guard for just one moment, or users who are not adequately informed about phishing. The Phished Academy can help with the latter, but the fact that your employees’ accounts are too privileged in the first place is a flaw that is easy to prevent. So why take the risk?

A gateway for hackers

By giving full rights to every employee who works with a computer in your company, you also give every employee the opportunity to open the door to possible cyberattackers. When a virus sneaks onto your computer, the piece of malware runs with the same rights as the account it landed in.

If a virus enters through your administrator account, the front door is wide open and the virus can immediately damage the core of your PC. If, on the other hand, the virus gets in through a user account with limited rights, the intruder has a much harder time actually infiltrating your computer.
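Because malware inherits the rights of the account it runs in, the first thing to check is how many accounts actually hold admin rights. The script below is an added example, not part of the original post: it audits a POSIX system’s `passwd` and `group` data for UID 0 accounts and members of the usual admin groups (`sudo`, `wheel`, `admin`) and flags every one that is not on an approved list. The account data and the approved list are constructed samples.

```shell
#!/bin/sh
# Added example: find local accounts that hold administrator privilege
# (UID 0, or membership of sudo/wheel/admin) and report those that are
# not on the approved admin list. Replace the samples with the contents
# of /etc/passwd and /etc/group to run it against a real machine.

# Constructed sample data, not taken from a real system.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
backup:x:0:0:legacy backup account:/var/backups:/bin/sh
it-admin:x:1003:1003:IT admin (separate account):/home/it-admin:/bin/bash'

GROUP_SAMPLE='root:x:0:
sudo:x:27:alice,it-admin
wheel:x:10:bob
users:x:100:alice,bob,carol'

# Constructed policy: only root and the IT department's dedicated admin
# account are allowed to be privileged.
APPROVED_ADMINS='root it-admin'

# list_privileged PASSWD GROUP -> one privileged user name per line, deduplicated
list_privileged() {
    {
        # Accounts with UID 0 are root-equivalent whatever their name.
        printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
        # Members of the admin groups (fourth field, comma separated).
        printf '%s\n' "$2" | awk -F: '$1 == "sudo" || $1 == "wheel" || $1 == "admin" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
    } | sort -u
}

# unapproved_admins PASSWD GROUP -> privileged users missing from APPROVED_ADMINS
unapproved_admins() {
    for u in $(list_privileged "$1" "$2"); do
        case " $APPROVED_ADMINS " in
            *" $u "*) ;;                 # approved, nothing to report
            *) printf '%s\n' "$u" ;;     # over-privileged account
        esac
    done
}

# On the sample data this reports alice, backup and bob.
unapproved_admins "$PASSWD_SAMPLE" "$GROUP_SAMPLE"
```

Each name printed is an account that either belongs to a daily-use user or is a forgotten service account, and is exactly the kind of open door the post warns about.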

Admins don’t surf (the internet)

Your company would ideally have only a few account administrators. But even they would still need two accounts: one admin account to give themselves and others occasional full access to their computer, and one ‘user’ account to surf the web. If you steer clear of the internet on your admin account, hackers will find it much more difficult to get to the important data on your computer. But hey, they usually like a challenge! And once your mailbox has been accessed by malware or a virus, the leaked information travels fast.

The perfect admin

But who is the ideal candidate to take up the role of office admin? The CEO, of course. Wrong! CEOs and employees in other senior positions are the most likely to become victims of spear phishing. Hackers like to target the big fish of a company (which is called ‘whaling’), and these whales are usually not equipped with the technical know-how you need to avoid falling for this type of e-mail:

[Image: example of a spear-phishing e-mail]

Hackers would be able to use the name of an actual marketer who works at Twitter, and even the telephone number would be correct. Most people would not think twice about this e-mail, unless they noticed the double ‘r’ in the address. So... who would be capable of carrying the great responsibility of being an admin, then? Naturally, it’s the IT department.

Small companies, great dangers

When you think of typical cyberattack victims, you might have large tech companies in mind. In reality, smaller companies are the ideal targets for virtual attacks: they usually do not have a dedicated IT department. They are moreover more likely to pay the hackers in return for the stolen data, and the data breach is less likely to be picked up by the media, so attacking smaller companies attracts less attention. So even if you run a one-man company, it is advisable to introduce a separate admin account.

Best of both security measures

To keep hackers out, you want to close as many doors as possible. Firstly, informing your employees properly about the dangers of the virtual world is crucial. Our Phished Academy provides fitting network security administrator training for every company, but it cannot guarantee a foolproof safety lock. That’s why you need to close the hackers' backdoor by treating admin accounts as what they are: accounts occasionally needed to change a setting or two.