Security Behaviour Database

SB026 Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary

Standard user accounts have fewer privileges than administrator accounts, so malware that runs under a user account is denied escalated permissions. Administrator privileges should only be enabled on devices when absolutely necessary.


Why is it important?

Malware installed using an “Administrator” account can have escalated privileges. It will be able to cause more damage to data and devices.

Using a “User” account as the default can help prevent damage to systems should an infection occur.

Priority Tier

Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.

Tier 2

Risk Mitigated

Malware Infection


Malware infections occur when malicious software makes its way on to a device or network.

Data Theft


Data theft is the intentional stealing of data.

Further reading

https://www.maketecheasier.com/why-you-shouldnt-use-admin-account/
https://www.howtogeek.com/124950/htg-explains-why-you-shouldnt-log-into-your-linux-system-as-root/
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security?curPage=/collection/10-steps-to-cyber-security/the-10-steps/managing-user-privileges
https://www.ncsc.govt.nz/assets/NCSC-Documents/NCSC-Restricting-Admin-Priviledges-Explained.pdf

SebDB is brought to you by CybSafe | © 2023 CybSafe Ltd