3. The Limit the Damage Check
In the world of login accounts, there are "users" and "administrators." You should not be logged on and doing your daily tasks as an administrator, because if you are compromised the hacker will have complete and unrestricted access to do whatever they please on your machine. For this reason, your main work account should have "user" privileges only, which will restrict access and limit the damage if your computer is compromised. It's not that we don't trust you; we don't trust other people. The steps below use Google Chrome as an example, but the same applies to any desktop application.
EXAMPLE: The Target breach started with an employee of a small-business HVAC company named Fazio Mechanical Services. Had the employee had a "user" account, the malware likely never would have installed or would have had limited access.
The Spot Check (Windows Only):
STEP 1: Log in to your computer using your normal account.
STEP 2: Right click on any program (Google Chrome is used in example below) on your desktop and select "Run as administrator".
STEP 3: Type in your password on the User Account Control window.
STEP 4: Click "Yes" if the following window or something similar appears for you.
PASS: You are not given the option to click "Yes" from step 4 and instead are prompted for your password over and over again because you do not have sufficient permission to make potentially harmful changes to your computer.
FAIL: You make it all the way through step 4 with no issues, and the program (e.g. Google Chrome) opens successfully.
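The same check can be scripted. The PowerShell below is an added example, not part of the original article: it reads the groups in the current logon token with whoami and reports FAIL if the account belongs to the local Administrators group (well-known SID S-1-5-32-544), whether or not the window is currently elevated. The helper name Test-AdminMembership is made up for this example.

```powershell
# Added example, not from the original article.
# Scripted version of spot check #3: is my everyday account an administrator?

$AdminSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group

# Hypothetical helper: takes the CSV lines printed by "whoami /groups /fo csv /nh"
# and returns $true if the Administrators SID is among the token's groups.
# Column headers are supplied here because whoami's own headers are localized.
function Test-AdminMembership {
    param([string[]]$WhoamiCsvLines)
    $rows = $WhoamiCsvLines | ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    return [bool]($rows | Where-Object { $_.Sid -eq $AdminSid })
}

# Is this PowerShell window already running with full administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# With User Account Control on, an administrator's normal session carries the
# Administrators group as "deny only", so IsInRole alone would report $false.
# whoami still lists the group, so the account is detected either way.
$isAdminAccount = Test-AdminMembership -WhoamiCsvLines (whoami /groups /fo csv /nh)

if ($isAdminAccount -or $elevated) {
    Write-Output "FAIL: $($identity.Name) is an administrator account (elevated now: $elevated)."
} else {
    Write-Output "PASS: $($identity.Name) is a standard user account."
}
```

Run it from a normal PowerShell window while logged in with your everyday account, not from one opened with "Run as administrator".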
If you fail:
You are operating daily as an "administrator," which is likely an unnecessary risk.
- Change your account to "user" level or create a separate "user" account to start using.
- Have a conversation with your IT person about why your account had "administrator" privileges.
- Contact Ariento or another vendor you trust to get a vulnerability assessment to see where else you may be at risk and to provide you concrete recommendations for improving your security posture.
If you pass:
You are not able to make administrative changes to your computer while logged into your account. Pat your IT person on the back and thank them for doing one of the basics. You have passed spot check #3, pass go and collect $200! Just kidding, move on to spot check #4.