There are some basic steps to take to be adequately protected. The basic steps should at least include:
1. Educate your employees of the risks and teach them how to use their devices securely
2. Take care of encryption for all devices
3. Keep all software – AV, operating system, and third party software - up to date
Following these steps, you and your company should at least be a much more difficult target to hit.
Learn more:
Just like any crime it is always perpetrated on the unprepared.