1) Use two-factor Authentication for Authentication to all your web and application services
Your password now is a single point of failure for your email or service getting hacked by unauthorized users. The chances are the account would be exploited in the first day against some social engineering trying to get money from your finance department. Your bank and financial institutions have been using 2fa for years now and it's the recommended solution now to add to the rest of your cloud and local services.
2) Use SSL Certificates whether possible
This is usually added to company's Web Application such as a Document Management Solution or Content Management Solution which use certificates to encrypt traffic between your web browser and the app to make sure no prying eyes will see any confidential data.
SMTP emails should be set to use TLS for mail flow by default over normal port 25.
3) Have a fully up-to-date antivirus program that also Alerts
Windows 7 and Windows 10 now-a-days come with Free Antivirus checkers ( Windows Defencer and Security Essentials) however these are only licensed for Home use. It's best to get a fully managed AV like Webroot where Virus detections are alerted on straight away.
4) Use a third party for Spam Filtering
Even with cloud providers such as Google's Google Apps for Email or Microsoft's Email Hosting 365 , they need that added layer of protection against Spoofing, Phishing and Virus.
Services such as Mimecast and Postini can help protect all the above and provide real time protection to new threats
5) Regularly change your password
Per Bullet point 1) the first form of defense if your password! Make sure this is changed once a month and sign up to https://haveibeenpwned.com/ to make sure this hasn't been compromised elsewhere
6) Keep your Equipment Up-To-Date
Make sure all the firmware on your Wireless Devices , Servers and Routers are kept up-to-date to make sure you install security updates as well as feature updates
7 ) User training
Make sure users are told regularly about current well-known attacks such as phishing , Spear Phishing or Cryptolocker so they can understand what to look out for and ask before clicking!