As the operator or principal of your company, you might believe it makes sense for your account to have access to the management functions of your critical systems, such as email. While it may be convenient, it’s risky. Most people wouldn’t bring $10,000 in cash to the supermarket and you shouldn’t use an admin account for everyday use for the same basic reasons.
Convenience and Security
Security is the enemy of convenience. Any time security is increased for anything, it becomes more inconvenient. It would be very convenient to walk into a bank and ask for money without any further validation, but the pitfalls of that are obvious. Everything we do in life has a balance of security and convenience that makes sense considering the risks involved. There’s no need to put a lock on the refrigerator, because the risks associated with opening it are always very low. However, we all lock the entryways into our homes to defend against the potential risks of leaving it unlocked.
Laypeople tend to not consider these things when setting up or maintaining an IT service themselves. The focus falls to achieving functionality, rather than any concern over risks. This is an unfortunate consequence of the sales mentality of many cloud service providers: “getting started is easy.” Many times, getting started is easy, but at the same time the default setup leaves room for disaster. The more information your company puts into the system and the longer your team uses it, the more of a disaster it will be if you face such a catastrophe.
The Principle of “Least Privilege Necessary”
Following the principle of least privilege necessary may save an organization from many headaches later on. An individual should be given the access that they need to do their regular work. The sales team doesn’t need access to the HR team’s files for example. Furthermore, even when an individual should have access to sensitive systems, particularly the administration of a system that is widely used in the company, it’s usually a good idea to have them use an alternate account. While it may be “Joe’s” responsibility to add new users to the email system, he doesn’t do it every day, so why should his daily use account have access to do that?
Limiting the access of an account will certainly lead to some inconveniences, but should that account become compromised, it will limit the potential damage that someone could cause with that account.
This regularly comes up with the use of standard use accounts versus admin accounts on computers. While it’s convenient for a user to have admin access on their computer, it also means that if they download malware, they can break the computer entirely. In the same situation, had they been a standard user, the damage would be limited to their user account. This would allow the worst case scenario to be deleting that user account, rather than reloading the operating system of the computer. It could very well be a difference between 30 minutes of downtime and 5 hours.
As your organization grows, look to where access controls can be implemented. A 20-employee company should evolve their processes from the way they did things when they had 5 employees. Organize your shared files so that access controls are simple and consistent. Making top level folders like Administration, Sales, HR, etc., and applying the controls to them will make it easy to govern who has access to everything inside of each of them.
Use services that allow you to set proper privilege levels and use dedicated admin accounts. Microsoft 365 for instance allows you to create no charge admin accounts, so there’s very little reason to assign admin privilege to anyone’s daily use account.
Establish and follow a process for changes. Changes to access shouldn’t be a power struggle. Things will go smoothly with both your team and your IT support if you set the expectation that the process has to be followed. IT support shouldn’t have to judge if they need to give someone access to a sensitive resource, but they should know exactly who can order the change. In most organizations, an entry level employee shouldn’t be asking IT to reset the president’s password. Make sure your team knows that a reasonable process exists for your company and that it is expected to be followed.
We all rely on these systems and they deserve proper attention to keep them secure and still usable. Consult with your IT resources to make sure that you are doing what makes sense to balance these concerns for your company. You lose a lot less in planning than you do cleaning up after a catastrophe.