Access control and password policy
Modern information systems have built-in role model functionality.
Its purpose is to limit employees' access to information according to their job duties. However, this function is not always used, and cases where full rights are granted to everyone without exception are, unfortunately, far from rare.
Start by minimizing user rights: configure the system so that each employee gets access only to the information needed for their work. This approach reduces the likelihood of financial, strategic, commercial, and other critical data falling into the wrong hands and removes the temptation to take information outside the company. Do not forget to remove access when an employee is dismissed and to change it when they move to another position. It makes no difference whether credentials are managed centrally or separately, with an owner in each information system; what matters is being sure that access rights are blocked on time, for example on the employee's last day of work, when the clearance sheet (bypass letter) is signed.
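The recurring check described above, as an added example that is not part of the original text: reconcile an HR roster against the accounts exported from one information system, flag grants beyond the employee's current position, accounts still enabled after the last working day, and accounts with no HR record. The role model, user names and dates are constructed for illustration.

```python
from datetime import date

# The role model: the roles a position needs for its duties, nothing more.
ROLE_MODEL = {
    "accountant": {"finance_read", "finance_post"},
    "sales":      {"crm_read", "crm_edit"},
    "intern":     {"crm_read"},
}

# Constructed sample data (not from any real system).
# HR roster: uid -> (current position, last working day or None).
EMPLOYEES = {
    "alice": ("accountant", None),
    "bob":   ("sales", date(2024, 3, 15)),   # last day is today
    "carol": ("intern", None),               # moved here from sales
}
# Accounts exported from one information system: uid -> (enabled, roles).
ACCOUNTS = {
    "alice": (True, {"finance_read", "finance_post"}),
    "bob":   (True, {"crm_read", "crm_edit"}),
    "carol": (True, {"crm_read", "crm_edit"}),   # old sales role never removed
    "dave":  (True, {"finance_post"}),           # no HR record at all
}
TODAY = date(2024, 3, 15)

def review_access(employees, accounts, today):
    """Return {uid: finding} for every account that breaks the policy."""
    findings = {}
    for uid, (enabled, roles) in accounts.items():
        if uid not in employees:
            findings[uid] = "no HR record: disable account"
            continue
        position, last_day = employees[uid]
        if last_day is not None and last_day <= today:
            # Last working day reached: the account must already be blocked.
            if enabled:
                findings[uid] = f"left on {last_day} but still enabled"
        else:
            # Still employed: grants must not exceed the current position.
            extra = roles - ROLE_MODEL.get(position, set())
            if extra:
                findings[uid] = f"{position} holds extra roles {sorted(extra)}"
    return findings

if __name__ == "__main__":
    for uid, why in review_access(EMPLOYEES, ACCOUNTS, TODAY).items():
        print(f"{uid}: {why}")
```

Run it daily against each system's export; an empty result means every account matches the roster and the role model.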
A password is the most common way of authenticating a user when logging in to information systems. Once an attacker obtains the password, they gain access to the data. Creating and maintaining a password policy does not require much time and effort and makes it harder to steal or guess credentials. The most common rules regulate the complexity and validity period of the password, prohibit storing it in written form and passing it to third parties (including colleagues), prohibit using the same password for different information systems, etc.
Many online services allow you to enable a second security factor when logging in, such as an SMS code, a phone call, or a hardware token. If the software allows you to activate a second factor, do not miss the opportunity to improve data protection.
Specialized software will help to store passwords and share them in a controlled manner. Depending on your needs, there is a wide selection of paid and free password managers on the market. When choosing one, check whether it has a role model of its own, supports a second authentication factor, is updated regularly, and stores your passwords securely.