A penetration test for a retail organization with multiple physical locations reveals that certain branch managers have the ability to grant themselves higher privileges in the corporate network, potentially enabling access to sensitive customer data. Considering the separation of duties and mitigation of insider threat, what operational control should be recommended in the report to address this finding?
Set up time-of-day restrictions on when branch managers can access the network.
Enforce mandatory vacations for branch managers to identify inappropriate system dependencies.
Implement multifactor authentication for sensitive systems access.
Implement role-based access control to enforce separation of duties.