Make unique accounts for each user per device

Create individual accounts that grant only the access and permissions required by each user. When you need to grant daily use accounts administrative permissions, only do so temporarily. This precaution decreases the impact of bad choices, such as clicking on phishing emails or visiting malicious websites.