Are endpoints encrypted on ‘hard-drive’ level?
Do you allow unlimited access to the online netrwork?
Do you enforce 2FA/MFA in every employee endpoint that is involved in serving us?
Did you instructed all remote employees to activate 2FA in their private email accounts?
Do you encrypt data at rest, and in transit?
Have you verified that all employee computers and laptops have updated anti-virus or anti malware installed?