First of all, we need to focus on the “human” factor. You should teach your employees to be more aware of attacks by giving them practicality, attention and awareness, analyze their behavior and create behavior changes.
You should periodically test yourself against next-generation threats, depending on your corporate culture, technical infrastructure and the risks you may encounter. By measuring the consequences, you should measure the root causes of the problems, the efficiency of investments, and your ability to withstand potential risks.
To prevent leaks, you should regularly test Antispam, Antivirus, Content Filtering, DLP, Zero Day protection mechanisms for new types of pests, and improve them for missing, incorrect configurations.