As promised, we do not gatekeep our approach to protecting your computer systems. Instead, we believe in transparency, and in actually making a change. Therefore, we encourage you to implement the following changes to your infrastructure if you believe you can do it yourself. If not, contact us: we have your back.
If a service doesn't need to be reachable from the internet, take it offline. That means RDP, FTP, SMB and the like. No excuses: most attacks start with whatever was blindly left exposed.
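A quick way to check a Linux host for the services named above is to read the listening-socket table and flag RDP, FTP or SMB ports bound to anything other than loopback. This is an added example, not tooling from the original page; the port-to-service mapping and the sample `ss -ltn` output are constructed for the example.

```python
"""Flag listening TCP sockets for RDP, FTP and SMB that are reachable from
outside the host. Input is the output of `ss -ltn` (Linux); the sample below
is constructed for this example."""
import ipaddress

# Services the advice above names; the port mapping is an assumption of this example.
RISKY_PORTS = {21: "FTP", 445: "SMB", 3389: "RDP"}

def _split_addr(local):
    """Split 'addr:port' from ss output into (addr, port); handles '[::]:445' and '*:21'."""
    addr, _, port = local.rpartition(":")
    return addr, int(port)

def is_externally_bound(addr):
    """True when the bind address is not loopback (wildcards count as external)."""
    addr = addr.strip("[]")
    if addr in ("*", "0.0.0.0", "::"):
        return True
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unknown form: treat as exposed, the safe default

def find_exposed(ss_output):
    """Return [(service, addr, port)] for risky services listening on non-loopback addresses."""
    exposed = []
    for line in ss_output.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, port = _split_addr(fields[3])
        if port in RISKY_PORTS and is_externally_bound(addr):
            exposed.append((RISKY_PORTS[port], addr, port))
    return exposed

# Constructed sample: SSH (not flagged), SMB on all IPv4, FTP on loopback only,
# RDP on all IPv6 and RDP on IPv6 loopback.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     0.0.0.0:445         0.0.0.0:*
LISTEN 0      5      127.0.0.1:21        0.0.0.0:*
LISTEN 0      128    [::]:3389           [::]:*
LISTEN 0      128    [::1]:3389          [::]:*
"""

if __name__ == "__main__":
    for service, addr, port in find_exposed(SAMPLE_SS):
        print(f"EXPOSED: {service} on {addr}:{port}")
```

Run it against real output with `ss -ltn | python3 check.py`-style piping after replacing `SAMPLE_SS` with `sys.stdin.read()`; a loopback-only bind still means the service runs, so confirm it is not forwarded by a firewall or reverse proxy.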
For exposed services that need to stay up, generate strong randomized passwords and rotate them weekly for every user account with access. Yes, every week.
On company servers, laptops, or desktops, make sure that all user accounts only have the necessary permissions. If they don't need administrator rights, they should not have administrator rights.
Keep backups of critical company data on a machine that is completely air-gapped. Test restoring those backups too, not just creating them.
Keep every application, system, and plugin up to date. Many hackers scan the internet for vulnerable machines and exploit lazy sysadmins who ignore basic patch management.
We're in the forums, chatrooms, and markets where the real attacks are born. If you're not monitoring the threat landscape yourself, make sure someone like us is doing it for you.
No system is unhackable. Anyone claiming otherwise is full of it. Your job is to contain damage, not pretend you're invincible.