Lock down RDPs. Shut down internet-facing RDPs to deny attackers access to networks. If the company needs access to an RDP server, put it behind a VPN.
Take an inventory – and patch. Check that the company has a full inventory of all devices connected to its network and always install the latest security updates, as soon as they are released, on all the devices and servers on the network,
Backups still make sense. Keep regular backups of the company’s most important and current data on an offline storage device.