A good access control policy is essential to maintaining the security of information assets. Without controls to manage access to information, the is an increased probability that the information will end up in the wrong hands. Including the below elements to your access policy will greatly reduce information disclosure and availability risks.
Exercise Least Privilege - As best practice, users should be given the bare minimum of access and privileges necessary, limiting the damage they can do if compromised.
Remove Users from the Local Administrators Group - This can also help prevent privilege escalation attempts.
Avoid Credential Overlap Across Systems - This can help prevent lateral movement opportunities if valid credentials are obtained.
Avoid Staying Logged In On Remote Systems - Otherwise you open yourself up to attackers hijacking your admin access and privileges.
Use Strong Passwords - Should go without saying, but obviously still a major common problem.
Utilize MFA When Possible - Requiring multi factor authentication can help keep attackers out even if they’ve successfully stolen passwords.
Apply Account Lockout Policies and/or Progressive Delays for Logins - This can help thwart brute force attempts.