Seeking Advice for Network Design, VPN, Firewall, Windows Server & RDP for a small business trying to enable remote work

Hello community! I'm a small business owner, seeking help for setting up network for enabling remote operations for my business.

So, I have an ERP software which is used simultaneously by over 20 users daily. Up until COVID, we have had a main computer setup which had the ERP App Server and MSSQL Database Server. All the client computers installed in office were connected to the main computer via local network. The challenge obviously was that we could use the software only when in office.

With the advent of COVID related lockdown, I brought the main computer to my home, connected it to a server with Windows Server edition, got a fixed IP from my ISP and gave access to all my employees using Windows' RDP deployed on the server.

Since then, I've been through two ransomware attacks, which compromised all my data, causing huge losses in business. Upon discussing it with local networking professionals, I received advice saying that such attacks can be avoided if I do these:

1. add VPN
2. add Firewall
3. remove RDP dependency ("As RDP is one of the most insecure way of accessing database remotely", quoting as advised)
4. move database from local system to cloud like AWS

Now, I talked to my ERP provider and they confirmed that they can provide me a solution where I don't need RDP and simply installing the software on any remote client, and connecting it to Database Server (local or cloud) would do the job.

Now, I have couple of questions:

1. Regarding Windows RDP: Is RDP actually the point of security lapse? Isn't there a way to make it more secure? Not that I am a big advocate of RDP, but I'm looking for a solution that comes with least number of changes in existing workflow, as it becomes a big challenge to update every client computer and re-train my staff.
2. Regarding VPN and Firewall:a. Will setting up VPN and firewall actually save me from these ransomware attacks? To what degree will I be able to protect my data by adding these to my infrastructure?b. If you recommend that I should use VPN and firewall, then: I have received a couple of price quotations from multiple vendors, and I don't know how to evaluate. I'm attaching images here in expectation of your evaluation about which one I should opt for.c. Can we bypass VPN and Firewall by setting up DB on AWS? Are cloud services like AWS, Google and Azure safe option? Do they eliminate any and all risk of ransomware attacks?
3. Regarding Network Design: I am attaching images of current and proposed network designs, expecting your critical evaluation and requesting suggestions for improvement.

(For some reason I can't attach images directly in the post, so adding it via Google Drive folder)All images are in this link: Network Designs and Price Quotations

My requirements are that over 20 people should be able to use the ERP anytime of the day from anywhere in the world.

Please help!