You have already reviewed both companies’ internal documentation and diagrams. Along with baseline server and network configurations. You have identified several security risks. The acquired company has offices located in regions well known for hacking activity, and their sensitive data is not encrypted at rest, and not hashed in any of their databases. They have also run a flat network across their sites with very limited segmentation. You are ready to start working on integrating the two networks.
What should the highest priority be for you to resolve prior to connecting the two networks?