If you need to ask that question, then the answer is yes! When a user is working on their computer they have certain rights and permissions to access files and run programs. Ideally those rights and permissions should conform to a model of Least Privilege Access.

Least Privilege Access is a concept where users working on the network are able to do their job and access the data they need to access – and nothing more!

Being able to work at an elevated level is just the sort of thing that either a hacker, ransomware or some other malicious entity needs in order to move around the network and expose business data.

I recommend you review all user accounts on the network and clean-up where necessary. Provide normal accounts to IT administrators as well as an admin account for those that need it, and monitor the use of such accounts.

Historically is has been the norm to have elevated privileges on the network, especially for IT staff. A moment of consideration, that mental gear-shift should occur however when moving from normal to admin mode. After all, the surgeon should only get the scalpel out once ready to make a cut!