* No badgers were harmed in the creation of this blog *

** Not intended to diagnose, treat, cure, or prevent any disease **

Thursday, March 23, 2023

Least Privilege

One easy security practice is that of least privilege. This is the concept that a user should be provided with as many privileges as they need to do their job, but no more. In a bank, for instance, the groundskeeper shouldn't have access to the vault.

Though the benefits to this may be obvious, they're still worthy of mention:

The most obvious benefit is that without access to the vault, the groundskeeper can't steal from the vault. But if the groundskeeper can't access the vault, this also means that someone posing as the groundskeeper can't steal from the vault, either. Think of how many heist movies involve stolen credentials; if the stolen credentials don't provide access to the loot, the thief is still empty-handed.

Similarly, the groundskeeper can't enter the vault accidentally when looking for the bathroom and then damage something inside or leave it unlocked, nor can they enter it out of curiosity and do the same.

There are also benefits in the event of a break-in. If the groundskeeper doesn't have access to the vault, they are much easier to eliminate from the list of suspects, simplifying the investigation and speeding recovery.

A sub-concept is the idea of one user having multiple accounts, each account with differing privileges. The root or administrator account of a computer holds the keys to the kingdom. There are times when a user requires that level of access, such as when installing software, but using that level of access all the time creates a problem. If I'm in my root-level account and download a virus, I can inadvertently install and execute that virus. If I'm using an account that isn't allowed to install software, though, this may prevent the virus's installation. Also, the amount of damage I can do is limited by the amount of access I have, whether that damage is accidental or intentional.

Root accounts in Linux often include reminders of their elevated risk, such as a skull symbol as part of the command prompt. This is good, but I think there's a benefit to going further. If the account is uncomfortable to use, the user is encouraged to complete their work and get out as soon as possible. The root account on my Windows machine has a red color scheme, with the eye of Sauron as the wallpaper - I know I'm in the root account, and I don't linger.
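The same "make root uncomfortable" idea for a Linux shell, as an added example that is not part of the original post: a snippet to source from ~/.bashrc or /etc/bash.bashrc that gives an elevated shell a loud red prompt and leaves an ordinary account's prompt quiet. The prompt strings and colours are my own choices; the uid is passed in as an argument so the logic can be checked without actually being root.

```shell
#!/bin/sh
# Added example: a prompt that makes a root shell hard to mistake for a
# normal one, so the user finishes the privileged task and leaves.

# Build a bash PS1 string for a numeric user id.
# uid 0 (root): bold white text on a red background, the word ROOT and a '#'.
# anything else: plain green user@host:dir with a '$'.
# The \[ \] markers tell bash the escape codes take no screen width.
prompt_for_uid() {
    uid="$1"
    if [ "$uid" -eq 0 ]; then
        printf '%s' '\[\033[1;37;41m\] ROOT \u@\h:\w #\[\033[0m\] '
    else
        printf '%s' '\[\033[0;32m\]\u@\h:\w $\[\033[0m\] '
    fi
}

# One-line reminder printed when an elevated shell starts (empty otherwise).
banner_for_uid() {
    if [ "$1" -eq 0 ]; then
        printf '%s' 'You are root. Do what you came for and exit.'
    fi
}

# Returns 0 (true) when the current shell is running with uid 0.
is_elevated() {
    [ "$(id -u)" -eq 0 ]
}

# Only touch the prompt in an interactive shell; scripts keep their own.
case "$-" in
    *i*)
        PS1="$(prompt_for_uid "$(id -u)")"
        msg="$(banner_for_uid "$(id -u)")"
        [ -n "$msg" ] && printf '%s\n' "$msg"
        ;;
esac
```

Placing this in /etc/bash.bashrc (rather than only root's ~/.bashrc) means a shell obtained via `sudo -i` or `su -` gets the red prompt too.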