You are an information system auditor of HDA Inc. You are auditing and have discovered that users in the organization have individual user accounts with Internet service providers (ISPs) and are using them to download business data. The organization wants to ensure that only the corporate network is used. What should be the first step taken by the organization?