Multi-factor authentication is the single highest-impact control you can turn on. As an admin you can require it for everyone in your organization. Each member then enrolls with an authenticator app and saves backup codes.
As an admin, go to MFA Policy.
Enable org-wide MFA. Optionally set a grace period so existing members have a few days to enroll before it becomes mandatory.
Each user scans the QR code with an authenticator app (such as Google Authenticator or 1Password) and enters the code to confirm.
Have each member store their backup codes somewhere safe. These recover access if they lose their device.
Check the policy page to confirm every member is enrolled and the grace period has not left anyone behind.
For enterprise, pair MFA enforcement with SSO so identity is centrally managed and offboarding is one step.
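What the enrollment confirmation and backup-code steps above involve on the server side, as an added example that is not this product's own code. It assumes the authenticator app uses standard TOTP (RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits, the defaults Google Authenticator uses); the function names, the account name and the issuer are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6  # assumed TOTP parameters (RFC 6238 defaults)

def totp(secret_b32, at):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, dynamic truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def provisioning_uri(secret_b32, account, issuer):
    """The otpauth:// URI that the enrollment QR code encodes."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}")

def confirm_enrollment(secret_b32, submitted, at=None, drift=1):
    """Accept the code for the current step or `drift` steps either side."""
    at = time.time() if at is None else at
    ok = False
    for d in range(-drift, drift + 1):
        # constant-time compare; keep looping so timing does not leak the match
        ok |= hmac.compare_digest(totp(secret_b32, at + d * STEP), str(submitted))
    return ok

def issue_backup_codes(n=10):
    """Return (codes shown once to the user, SHA-256 hashes the server keeps)."""
    codes = [secrets.token_hex(8) for _ in range(n)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem_backup_code(stored_hashes, submitted):
    """Single use: a redeemed code's hash is removed so it cannot be replayed."""
    digest = hashlib.sha256(submitted.strip().lower().encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.discard(digest)
        return True
    return False

if __name__ == "__main__":
    secret = base64.b32encode(secrets.token_bytes(20)).decode()  # constructed
    print(provisioning_uri(secret, "alice@example.com", "ExampleOrg"))
    print(confirm_enrollment(secret, totp(secret, time.time())))
```

The one-step drift window tolerates a device clock that is slightly off; a wider window makes enrollment more forgiving but lengthens the time a captured code stays valid.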