Nice write-up from the NCSC in the UK regarding common mistakes in designing IT systems and their administration.
https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns
Do you use the ‘browse-up’ method for system administration? In other words, do you use a so called ‘jump-box’ to manage your systems? Find out how you can avoid this!