After some investigation, we found there are things you can do to limit the risk to your business. One of these, is to ensure that you protect your emails systems. Generally you can make your colleagues and staff aware that they should not open emails from people they don't know and they should never click on links or documents within emails from those people either. But what do you do if those emails come from inside your organisation??
If you are a large organisation, you can contract a 3rd party to help protect you but for small organisations it's not cost effective. There are still things you can do.
Using SPF (Sender Policy Framework) , DKIM (Domain Key Identified Mail) and DMARC (Domain-Based Message Authentication Reporting and Conformance) together can help your business protect against email threats. It's not an absolute failsafe, as your customers, suppliers and business partners all need to be considering similar protection of their own systems, but it will help your company and colleagues feel a little safer.
If, like many new small companies rely on online email and DNS registration rather than hosting these on your own infrastructure, you will need both your email provider and DNS Provider to help keep you safe if you do not have the hold these onsite. As an example here's a link to how Microsoft instruct you how to protect your Email.
Microsoft -SPF is set up automatically for you domain.