Securiry recommendations

Don't use admin user

Don't use an admin user for everyday work. Use a regular user instead.

2-factor authentication

Enable 2FA for CRM users. Force regular users to set up 2FA. Can be done at Administration > Authentication.

Disable password recovery for admins

Can be done at Administration > Authentication. If you lost admin access and want to recover your password, set 'passwordRecoveryForAdminDisabled' to false in data/config.php.

Password strength

Consider configuring password strength parameters (at Administration > Authentication).

Auth token expiration

Consider decreasing Auth Token Max Idle Time. Additionally, you can also specify Auth Token Lifetime.

Restrict upgrade via UI

Restrict the ability to upgrade and upload extensions via the UI. Set 'adminUpgradeDisabled' => true in data/config-internal.php (as of v8.1, before, it could be done with the restrictedMode parameter).