Install an antivirus. Use an open source and free (as in freedom) antivirus software. Those are usually as good as commercial ones, and do not spy on you. While free versions of commercial antivirus programs are popular, they lack critical defense components. The paid ones have all features.
Use a secure web access proxy and protect all your internet traffic from ransomware and other malware.
For internal communications - implement Email headers analysis, authorized sender domains policy or, better yet, switch to non-email communication tools like MEGA.
