Skip to content

Network Security: Avoid Practices that Weaken Security

There’s no way to stop all online attacks, but that’s not an excuse for fatalism. The huge majority can be stopped or minimized. Human error is the biggest source of practices that weaken security, but reducing the damage a mistake can make will prevent most attempts from doing any harm.

An important source of error is being too free with administrative accounts and privileges. The Center for Internet Security recommends paying close attention to controlled use of administrative privileges.

Every privileged account is a potential vector for taking control of systems. The more accounts there are, and the more they’re used, the more opportunities criminals have to grab the use of one. At the same time, there’s a constant temptation to expand their use, just because it’s more convenient at the moment. Each time that happens, security becomes a little weaker.

These are some of the practices that let that happen. Avoiding them will give criminals fewer chances to sneak in and run with administrative powers.

Giving administrative accounts to users. Administrators figure some users know what they’re doing, and they won’t have to come to the IT department as often if they can run tasks themselves. Giving them admin access saves work, but any malware that gets onto those machines can do a lot more damage.

Using administrative accounts for daily tasks. Even people who legitimately have admin accounts shouldn’t use them for browsing and email. They should log into them only when performing tasks that require them.

Giving Too Many Privileges to Application Accounts

A common example is giving an application full control over a database when it only needs to read and write data.

Using Weak or Shared Passwords

Each administrative account needs its own password, which has to be something long and hard to guess.

Letting Accounts Go Stale

Accounts which are no longer in use, including ones belonging to former employees, have to be disabled.

Allowing Remote Access Without Necessity

There’s less danger if admin accounts can be used only from within the network or from a VPN. Ones that are accessible from anywhere on the Internet are risky.

Sometimes it’s necessary to make exceptions, but the organization needs to carry out a risk assessment before approving them. The more freely administrators hand out exceptions, the more dangers they create. Being stingy with privileges can be unpopular, but it’s necessary if the network is going to stay secure. Explaining this necessity will take the sting off most complaints.

WheelHouse IT can help to keep your network safe from online attacks. Click below for a free risk assessment and other services.

a close up of a radio with the time displayed

Why You Need a UPS in Your Network Equipment

Apart from securing your computer network against breaches, it is advisable to ensure that the network hardware is plugged into a UPS (uninterruptible power supply) system.

the word rules spelled with scrabble tiles

What Are The Three Rules of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) lays out three rules for protecting patient health information, namely: The Privacy

wheel house it logo

Let's Start a Conversation

Fill out the form below and a member of our team will contact you within 10 minutes. (Mon-Fri 8am-6pm EST)

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Let's Start a Conversation

Rory from wheel house IT

Call (954) 474-2204, option 2 to speak with a representative.

Send us an email at

Or contact us by form below:

"*" indicates required fields

This field is for validation purposes and should be left unchanged.