When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: 

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business? 

Answer options:

A. Quarantine emails sent to external domains containing PII and release after inspection.
B. Prevent PII from being sent to domains that allow users to sign up for free webmail.
C. Enable transport layer security on all outbound email communications and attachments.
D. Provide security awareness training regarding transmission of PII.

C