If a company’s username and password database was posted publicly in plain text, which action would best help mitigate future data exfiltration risks?


Implementing salting and hashing is the most effective action to mitigate future data exfiltration risks if a company's username and password database has been publicly exposed. Salting involves adding a unique random value to each password before hashing, which protects the passwords against rainbow table attacks and makes it significantly harder for attackers to reverse-engineer the original passwords. Hashing transforms the password into a fixed-length string that is not easily reversible.

By salting and hashing passwords, even if a database were to be compromised in the future, the resulting data would not be immediately useful to attackers. Without access to the original passwords, it becomes much more challenging for an unauthorized user to authenticate as another individual, which effectively reduces the risk related to password leakage.

In contrast, while creating Data Loss Prevention (DLP) controls can help prevent sensitive documents from leaving the network, it does not address the fundamental issue of safeguarding passwords. Additionally, configuring web content filters may help block certain web traffic but would not directly prevent future compromises of password databases. Finally, while increasing password complexity requirements can enhance security, it does not replace proper password storage mechanisms such as salting and hashing, which directly protect stored passwords against unauthorized access.
