During a recent penetration testing engagement for a financial firm, you discovered that an employee's credentials were used to access sensitive client data during a time when the employee was on a mandatory vacation. This finding should prompt which of the following recommendations in your final report?
Suggest implementing job rotation so that no single employee has exclusive access to sensitive client data for an extended period.
Propose enhanced user training focused on security best practices to prevent employees from sharing their credentials.
Recommend reinforcing the use of mandatory vacations as an operational control, along with auditing account activity during such periods to uncover potential unauthorized access or internal threats.
Advise additional system hardening techniques to ensure that the employee’s credentials cannot be misused during their mandatory vacation period.