User can modify custom field added to users (how to prevent)

I added new fields to the user definition, some of them are not be edited by user, not to be shown to the user.
i.e. those fields are not be be visible or accessible to the user.
I just discovered that those are even editable! (on their own profile)

Is there a way to make them invisible and still presented to the administrator?

In the detail view, i have only shown password last changed field (or any other field that you deem is not useful). so the user will not be able to get get to detailed view to change anything.

if I do that the admin can not modify the field either.
I found out that if the user click on his name he get to an edit screen very similar to the user edit page that the admin use.
although if the user click to see someone else record then he sees the “employee” record.