Yes, I agree there is a certain amount of paranoia from me on this. Based mostly on my lack of knowledge. I think I'm narrowing down my optionsSophos Home Premium does, in total 10 devices can be managed. Imo you are over-complicating with Sbie's, ReHIPS, etc. if you don't have knowledge in that area, it's not softwares for office. For over 10 devices you should be better look at the Sophos Intercept X lineup. Do basics, mandatory is that every user should be under SUA, limit via group policy what they can access, disable unnecasary things, secure network, always have a backup remote managing soft installed like Teamviewer, educate users, etc. For 7 users it's a walk in a park. Invest time in productivity and manageability not paranoia.
2. Hitman pro alert
3. windows defender + configure defender
4. Whitelist ip address on router
5. Tighten firewall
My backup strategy is pretty solid, I use TeamViewer, I have train the users pretty regularly
Thanks for your reply