A company has identified that unauthorized disclosure of sensitive data is occurring more frequently due to poor handling by staff members. Which of the following controls should the company implement as an immediate risk mitigation technique?
Enforcing complex password policies for all user accounts
Implementing an intrusion detection system (IDS) to monitor network traffic
Encrypting all data stored on the company's servers
Restricting access to sensitive information based on 'need to know' criteria