- Grant minimal rights to users (principle of least privilege). Only IT managers receive administrator roles and privileges.
- Access rights are calibrated in relation to business profiles.
- Establish a user charter (covering access rights, a ban on using private equipment, best practices in terms of passwords, phishing detection, typosquatting, etc.).
- Promote speaking out to facilitate the feedback of information if hacking or negligence is suspected.