Advise your employees as much as possible about the risks so they stay alert. Remind them not to click on a suspicious link in emails or don’t respond to communications from people that you don’t know really.
Stop and think if this is a real request; my advice – question everything.
Installing at least 2 forms of authentication – for most products these days two-step verification is pretty much built-in. But you’d be surprised that not every organisation uses this mechanism to protect themselves. It can be as simple as a mobile app, it doesn’t have to be the more expensive side of the scale with RSA tokens for example.
Another part is patching up all your devices as soon as possible, so that means all mobiles or laptops, desktops, servers, firewalls or switches, anything on the network.
In most situations the patching is free.