System administrators are the unsung heroes of IT, tasked with configuring and securing the systems that keep organizations running smoothly. However, even seasoned admins can make oversights that lead to security vulnerabilities, system downtime, or compliance failures. From relying on a single admin to neglecting multi-factor authentication (MFA) or recovery plans, these mistakes can have serious consequences. For instance, a small business admin who skips MFA might inadvertently allow a phishing attack to compromise critical data, disrupting operations. This article explores the most common system administrator mistakes, offers practical solutions to avoid them, and highlights how Rotate’s advanced tools, such as XDR and MDR Services, can help maintain a secure and resilient IT environment. By addressing these pitfalls proactively, admins can safeguard their systems and ensure business continuity.
Relying on a single administrator for a system creates a significant risk. If that admin loses access (a forgotten password, a lost MFA device, or simple unavailability), no one else can manage critical tasks, potentially halting operations. The Cloud Security Alliance recommends at least two admins per system to ensure continuity, stating, “Every organization should have at least 2 org admins for each SaaS.” Without a backup, recovery can be cumbersome, often requiring vendor support or complex domain verification.
To mitigate this, assign at least two trusted admins per application or service, such as Google Workspace or Microsoft 365. Store credentials securely in a password manager and maintain a “break-glass” admin account in an encrypted vault or physical safe for emergencies. Rotate’s AI-MDR can flag configurations with too few admins, alerting you to add another before a crisis occurs. Regular audits of admin roles further ensure no single point of failure exists.
Best Practice: Designate 2–3 admins per system and secure a break-glass account to prevent lockouts.
Conversely, assigning too many admins increases security risks. Each admin account is a potential target for attackers, who can exploit phishing or credential theft to gain unauthorized access. For example, a company that granted admin privileges to multiple contractors for convenience faced a breach when one contractor’s weak password was compromised. The principle of least privilege advises granting admin roles only to those who need them, avoiding broad permissions like Global Administrator in Azure AD.
To address this, limit admin roles to essential personnel, ideally 2–4 per system for small teams. Regularly audit admin accounts to revoke unnecessary privileges, especially for former employees or contractors. Rotate’s AI-MDR feature triggers an “Organization has too many admins” alert when the count exceeds recommended limits, prompting a review to reduce exposure. This ensures only necessary personnel have elevated access, minimizing the attack surface.
Best Practice: Restrict admin roles to essential users and audit permissions quarterly to maintain least privilege.
Finding the right number of admins is a delicate balance. Too few risk lockouts, while too many invite breaches. The Cloud Security Alliance suggests starting with two admins per system, scaling to three or four as teams grow, but avoiding excess. Annual or quarterly reviews help identify outdated or unnecessary admin accounts, ensuring alignment with organizational needs.
Rotate’s AI-MDR platform enhances this process with automated alerts for admin count imbalances, such as “too few admins” or “too many admins.” These notifications allow admins to address issues proactively, preventing both operational disruptions and security vulnerabilities. By maintaining a lean yet sufficient admin team, organizations can achieve both security and reliability.
Best Practice: Maintain 2–4 admins per system, conduct regular audits, and use Rotate’s XDR alerts to monitor imbalances.
Neglecting MFA is a critical error that leaves systems vulnerable. Passwords alone are easily compromised through phishing or password-spray attacks, with Verizon’s 2024 Data Breach Report noting that 31% of breaches involve stolen credentials (Verizon). MFA adds a second layer, such as an authenticator app or hardware key, making unauthorized access significantly harder. The Cloud Security Alliance calls MFA “necessary” to avoid single points of failure.
Admins should mandate MFA for all accounts, especially admin ones, using secure methods like authenticator apps over SMS, which can be intercepted. Rotate’s MDR Services monitor for MFA compliance, alerting admins if it’s disabled or bypassed, ensuring robust protection. Avoiding MFA for convenience is a risky trade-off that can lead to devastating breaches.
Best Practice: Enforce MFA for all admin accounts using secure methods and monitor compliance with Rotate’s MDR Services.
Failing to establish a recovery plan can turn a minor issue into a crisis. Without recovery emails, phone numbers, or secondary admins, a locked-out admin may face lengthy vendor support processes or complex domain verification. For example, Google Workspace advises setting up recovery information to receive reset codes, avoiding delays.
To prevent this, register recovery emails and phone numbers for all admin accounts, maintain at least two admins, and store a “break-glass” account’s credentials securely. Testing recovery processes periodically ensures they work when needed. Rotate’s AI-MDR platform can flag missing recovery options, prompting admins to address gaps before they become problematic.
Best Practice: Set up recovery options, maintain secondary admins, and test recovery processes regularly.
Weak or reused passwords are a major vulnerability. Modern guidance, including NIST recommendations, favors long, unique passphrases (e.g., “MyDogSprintsWhenILaugh2025”) over short, complex ones like “P@ssw0rd!”. Frequent forced resets often lead to predictable tweaks or written-down passwords, increasing risk.
Admins should use a password manager to generate and store unique passwords, block common passwords like “Password123,” and avoid reuse across systems. Rotate’s MDR Services can detect weak password policies, alerting admins to enforce stronger standards. This layered approach reduces the likelihood of credential-based breaches.
Best Practice: Use a password manager for unique, lengthy passphrases and monitor password strength with Rotate’s MDR Services.
Granting excessive privileges to apps or service accounts is a hidden risk. An app with global access tokens can become a backdoor if compromised, acting as an “invisible admin.” The principle of least privilege applies here, too: apps should only have the permissions they need. Regular audits of app permissions prevent configuration drift and reduce vulnerabilities. By treating apps like human admins, organizations can minimize risks from misconfigured integrations.
Best Practice: Assign apps minimal permissions and audit settings regularly.
Continuous monitoring is essential to catch mistakes early. Rotate’s XDR platform offers alerts for common admin errors, such as “too few admins,” “too many admins,” disabled MFA, or missing recovery options. These proactive notifications, combined with audit logs, provide a robust safety net, ensuring issues are addressed before they escalate. For example, an alert for an admin logging in from an unknown IP without MFA can prompt immediate action, preventing a potential breach.
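The checks described in this section can be expressed as a small roster audit. The following is an added example, not Rotate’s code: the tenant export format, the `Admin` record, and the thresholds (fewer than 2 day-to-day admins is “too few”, more than 4 is “too many”, a break-glass account is tracked separately and does not count toward that number) are assumptions based on the guidance above.

```python
"""Audit SaaS admin rosters for the imbalances discussed in the article.

Added example (not Rotate's code). The record layout and the thresholds
below are assumptions derived from the article's 2-4 admins guidance.
"""
from __future__ import annotations
from dataclasses import dataclass

MIN_ADMINS, MAX_ADMINS = 2, 4  # 2-4 day-to-day admins per system (assumed thresholds)

@dataclass(frozen=True)
class Admin:
    name: str
    mfa_method: str | None        # "app", "key", "sms", or None when MFA is disabled
    recovery_email: str | None
    recovery_phone: str | None
    break_glass: bool = False     # emergency account kept in a vault, not used daily

def audit_tenant(system: str, admins: list[Admin]) -> list[str]:
    """Return alert strings for one system; an empty list means it passes."""
    alerts: list[str] = []
    active = [a for a in admins if not a.break_glass]  # break-glass is not a working admin
    if len(active) < MIN_ADMINS:
        alerts.append(f"{system}: too few admins ({len(active)})")
    elif len(active) > MAX_ADMINS:
        alerts.append(f"{system}: too many admins ({len(active)})")
    if not any(a.break_glass for a in admins):
        alerts.append(f"{system}: no break-glass account")
    for a in admins:
        if a.mfa_method is None:
            alerts.append(f"{system}: MFA disabled for {a.name}")
        elif a.mfa_method == "sms":            # SMS codes can be intercepted
            alerts.append(f"{system}: weak MFA (SMS) for {a.name}")
        if not (a.recovery_email or a.recovery_phone):
            alerts.append(f"{system}: no recovery option for {a.name}")
    return alerts

# Constructed sample roster (not real tenant data).
SAMPLE = {
    "Google Workspace": [
        Admin("alice", "app", "alice@example.test", None),
        Admin("bob", None, None, None),
        Admin("emergency", "key", "it-oncall@example.test", "+1-555-0100", break_glass=True),
    ],
    "Microsoft 365": [Admin("alice", "app", "alice@example.test", None)],
    "CRM": [Admin(f"contractor{i}", "sms" if i == 3 else "app", f"c{i}@example.test", None)
            for i in range(1, 7)],
}

def audit_all(tenants=SAMPLE) -> dict[str, list[str]]:
    """Run the audit over every system and return alerts keyed by system name."""
    return {system: audit_tenant(system, roster) for system, roster in tenants.items()}

if __name__ == "__main__":
    for system, alerts in audit_all().items():
        print(system, "OK" if not alerts else "; ".join(alerts))
```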
Rotate’s MDR Services enhance this by providing 24/7 monitoring and expert response, ensuring compliance with cybersecurity best practices. This automated vigilance reduces reliance on manual reviews, keeping systems secure and compliant.
System administrator mistakes such as inadequate admin counts, skipping MFA, neglecting recovery plans, using weak passwords, or over-privileging apps can lead to significant security and operational risks. By adopting best practices like enforcing MFA, maintaining balanced admin roles, using strong passwords, and leveraging Rotate’s XDR and MDR Services, organizations can avoid these pitfalls. Proactive monitoring and automation ensure these errors are caught early, safeguarding systems and ensuring compliance. Take control of your IT security today: contact Rotate or request a demo to explore our solutions.
Why is having the right number of administrators important?
Maintaining 2–4 administrators per system ensures continuity if one admin is unavailable, while avoiding excessive accounts that increase security risks. Too few admins create a single point of failure, risking lockouts, while too many expand the attack surface, as each account is a potential target. Rotate’s XDR platform alerts you to imbalances, such as “too few admins” or “too many admins,” enabling proactive adjustments to maintain security and operational efficiency.
How does multi-factor authentication prevent security breaches?
MFA adds a second authentication layer, like an authenticator app code, making it harder for attackers to access accounts even if passwords are stolen. With 31% of breaches involving stolen credentials, per Verizon’s 2024 Data Breach Report, MFA is a critical defense against phishing and password-spray attacks. Rotate’s MDR Services monitor MFA compliance, alerting admins to lapses and ensuring robust protection across systems.
What steps can prevent admin account lockouts?
Register recovery emails and phone numbers for each admin account, maintain at least two admins, and store a “break-glass” account’s credentials in a secure vault. Testing recovery processes periodically ensures they work during emergencies, avoiding reliance on slow vendor support. Rotate’s XDR platform flags missing recovery options, helping admins prepare for unexpected access issues and maintain system continuity.