Get the basics right
Everyone needs to know what their role is & what to do in the event of a cyber breach
Get your people comfortable with noticing and alerting IT teams
All your equipment needs to be managed from phones to laptops
Roles & premissions need to be defined & understood(who has access to what & why)
Understand what you are using & doing with your I.T including third party roles.
Trust nobody, not even your own employees.