5. Do not work with administrative rights

You should not work with administrative rights by default. In all modern operating systems, the user accounts can be assigned different rights. Unlimited access to all functions of the operating system is given to user accounts of the category "administrator" or "root". The rights are restricted for "user" or "restricted" accounts.
Administrator rights are required to make or change configurations. Working with administrator rights makes it possible for many malicious programs to be fully exploited, or a successful attacker automatically has administrative rights.

You should disable or delete unused user accounts.