It’s hard to give tips without knowing your situation better, but here are a few general ones that probably already set you apart from the vast majority of other small companies:
Keep your stuff updated, especially when there are security fixes available
don’t take convenience shortcuts that compromise on security (e.g. relying on “security through obscurity”)
block incoming traffic by default (you only need some people from your country to access the network? Maybe even block ip ranges from the other side of the world)
log access to your network and also analyse the logs often (probably with the help of some software)
I’m just some Software Engineer with a few years of experience, not some security expert though😅