Remove or disable user accounts when no longer required, in particular special access accounts

Just like with data protection laws, when accounts are dormant or no longer necessary, delete them. A lone account with high privileges can be exploited by attackers as you may not be examining their activity. When providing temporary accounts for visitors, always make sure to delete these after to decrease your chance of their exploitation.

Last changed: 13 August 2022