Several things can minimize the attack surface of businesses. Effective steps include:
​1. Securely storing passwords

​2. Using identify and access management (IAM) tools to control employee access to files and applications.
​
​3. Utilize a data loss prevention (DLP) tool to prevent sensitive data leaks and file exfiltration.
​
​4. Install endpoint detection and response (EDR) software on all servers and workstations. This will protect the devices from malware, command & control, lateral movement, control installation of software and much more.
​
​These are just some of the things that every organization should do to protect themselves. It's important to use a layered security approach to securing your business. This means that using multiple layers of security will minimize your vulnerability risk.
​
​However, it is important to note that a lot of organizations can't implement all of the software that are industry standard. Pricing and manning are considerations to weigh before purchasing these tools. 
​
​It is recommended that businesses seek out a consultant in the cybersecurity space that can look at your current situation and recommend the most economic and effective strategy.
​
​I hope this was helpful to the folks in this discussion! I am here for questions anytime.
​
​-Patrick M.