Check your border router's configuration and add the five important rules if they aren't there.
Consider the firewalls you're using now and whether they're capable of protecting you from modern attacks. Plan for upgrades or replacement if you can, or plan to augment them with application layer proxies.
Re-evaluate your remote access needs. Perhaps some employees don't need full IP VPN and can function with Web-based access to internal resources, published through an application layer proxy.
Plan an evaluation of VPN quarantine methods .