Hi Richard,
This is a very broad topic to discuss. The basic things you can do are to secure the networks, desktops and servers, make sure all are patched with the latest updates, and give access to the servers and network devices only to verified members. Start with least access and privilege, and limited, time-bound access. Antivirus should be updated with DAT files and periodic scans should be carried out; use a spam filter on mail and block unwanted / unknown executables.
I would suggest you start reading about and implementing the Zero Trust security framework - https://www.microsoft.com/en-us/security/business/zero-trust
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.