Make sure to enable MFA.
Employees should be informed as to whom they should contact in the event of an incident of this nature.
Enforce stricter controls around the device status to ensure strong device verification.
Unmanaged or unknown devices should be restricted or blocked from enrollment and access.
Enforce a baseline set of security controls by enabling posture checking before enabling VPN connections from remote endpoints.
Another important security control is the segmentation of the network.
The collection of logs should be centralized.
Maintaining an offline backup strategy and testing the backups periodically is important.
Performing a review of the execution of command lines on endpoints is recommended.