Following a malware infection at Company I, the post-incident analysis found that employees were using weak passwords, allowing easy access to their accounts by attackers. What is the best solution to mitigate future risks?