I was just at a conference on Business Email Compromise (BEC).  various ISACs, Symantec, the FBI and the CIA presented.  It was very informative and here are a few things that were mentioned

• Watch out for fraudulent scams involving IRS returns

• Put 2FA in place everywhere you can and put a 2 factor policy in place for wire transfers

• If you believe your GMAIL account may have been compromised, or just wish to keep an eye on it, there is a link on the bottom of the page to see the last 10 logins (although I don't see this in inbox, maybe it is only in gmail).

• Set your out of Office messages to be internal only - or force this using rules

• Use something like
• DMARC

These were just some of the points made, but they were good ones.