If I were the CISO, I would use biometric scanners for the employees to get access to their accounts and, once a week, make them log in with dual-factor authentication. Biometrics are a good way for you to always “have your password,” and a way to make it even safer is to let the employee decide which finger they want to use, so that if someone questions an employee about the biometrics, they will not know which finger it would be. The dual-factor authentication would be very similar to the one we have at ODU. All you would have to do is download the app and press the check when the notification pops up after logging in. With the implementation of those two protections, the company would stay safe.