In most companies, employees need a user identity to access work-related hardware and software. Privileges to use certain applications or open certain files usually are provided to workers based on their department, role and level of authority. Over their tenure, employees might accumulate various privileges they no longer need. For example, someone who once worked in accounting might retain the ability to make journal entries even after transferring to the legal department. Unfortunately, dishonest employees could use their privileges for nefarious purposes. Best practices Privileged users sometimes use their access to perpetrate fraud, intellectual property theft or sabotage. And they don’t always act alone. Third parties, such as competitors, could try to recruit privileged users to steal trade secrets. Or employees could collude with hackers to compromise...