Do you know how to disable the remote access to other people in your organization (by default)?

I don't usually do admin stuff nor I unfortunately know much about network setups nor I know about the specifics of tailscale setup.

In addition to setting ACLs, you can start the tailscale client in "shields up" mode, where it adds a local rule preventing connections from other nodes to yours. Of course that's not perfect (there are ways to avoid it that if blocked would in turn break legitimate uses by you) but it's there.