Implement User Account Control to Protect Your Personal Computer

The Bottom Line

If a threat actor gains access to your computer while you are logged into an administrator account, they may have permission to access all of your data and device functions. To make it harder for threat actors to steal your data, conduct reconnaissance, or carry out other attacks, you should:

1. Use a standard user account for day-to-day tasks on your computer. 

2. Downgrade administrator accounts that you use for general purposes to user accounts. 

   You’ll learn what all of this means in the solution section!

Check out “The Problem” below to learn more about the risks of using an administrator account for daily tasks … or skip straight to “The Solution!”

The Problem

When you set up a new computer, you’re often prompted to create an account. Usually, that account is an administrator account that has full permissions to control the computer and its operating system (OS).

However, most users do not need to use an administrator account to perform day-to-day tasks, such as surfing the web or editing a document. These activities can be done from a standard user account.

Threat actors can leverage administrative privileges to bypass or even disable security functions and make almost unlimited changes to the system―effectively taking over the device.

With administrative privileges, threat actors can access your device’s camera and microphone to conduct espionage and steal or deny you access to your own data. If malware gains administrative access to a computer, it can also spread laterally across the network that the computer is connected to and infect other devices.  

The Solution

Use a standard user account for general tasks.

While you may occasionally need administrator privileges for activities like updating the OS or installing software, using a separate standard user account for everyday tasks, such as checking email or browsing the web, can protect you in many ways.

For example, when you install programs on a computer from a user account, you will be prompted to enter an administrator password. This may block malware from installing itself without invoking an administrator’s (or in this case, your) direct permission.

If you’re currently working from an administrator account, there’s an easy way to change it to a standard user account so you don’t have to migrate all of your work! 

1. Create a new administrator account. Follow the steps for Windows OS or macOS to create a new administrator account:
   • Windows OS: Create a local user or administrator account in Windows - Microsoft Support
   • macOS: Change Users & Groups settings on Mac - Apple Support
2. Downgrade the old administrator account. Log out of the old account and log into the new administrator account. Then simply follow the steps for Windows OS or macOS to downgrade your old administrator account to a user account.
   • Windows OS: Create a local user or administrator account in Windows - Microsoft Support
   • macOS: Change Users & Groups settings on Mac - Apple Support
3. Use your new user account for everyday tasks, such as browsing the web and creating documents.  

Takeaways

Do 

• Use a standard user account for general tasks.
• If you currently use an administrator account for day-to-day activities, downgrade it to a standard user account.

Do Not

• Use an administrator account for day-to-day activities.

Project Upskill is a product of the Joint Cyber Defense Collaborative.  

• Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices