That's absolutely critical. One of our top 10 actions is managing credentials: revoking those credentials when somebody leaves an organization, and making sure that your authorities meet the requirements of your position when you log into a system.
For example, when I log into a system at CSE, I don't have any administrative privileges whatsoever. I can't even change the time on the clock because I don't need that for my job. Our systems administrators take care of that. I can't install software. Our systems administrators take care of that after proper testing. Managing those credentials and making sure they're the most limited set possible is really important, and then for those employees who have elevated privileges, there are other steps that you should take to protect.
For example, if you are a systems administrator, controlling access—what employees can do and how they can do it, what they can do on that account.... One of the easy examples we give is, don't read your email from your administrative account and don't browse the web from your administrative account, because you're operating with elevated privileges. Some simple things can have a remarkably large effect on cybersecurity.