You're going to see some amazingly stupid things.
The person you think is the most computer literate will be the one to do the dumbest thing and ruin your security (oops!).
That person who knows nothing about computers will break your security in the least likely, most hare brained way possible.
There's no such thing as idiot proof.
Cyber security is more than just computer access and networks.
People are easy to compromise (the easiest!) but take care of your surroundings. I had one customer spend $24k on a server rack which was installed in front of a large pane of glass, on the first floor, near their main entry, visible from the drive through of a major drug store chain barely 100 feet away. Why hack the network when you could just smash the window and take the whole thing then take your time hacking an admin password (which takes seconds if you have direct access).
Trust nothing, if you can't verify it's clean, secure or stable assume it isn't, I've thrown away drives and even complete systems because they couldn't be trusted. A system isn't cheap, but cleaning up a breach, data loss, or a failure is even more costly. I had a company refuse to replace a $400 computer but when it failed they lost 2 days worth of sales totaling $22k.
While not exactly cyber security, BACKUP, BACKUP, BACKUP. It used to be you did it mostly because of viruses and data loss, today you need them in case of ransomware which has become a major factor. Once you get hit you may or may not even have the option to pay and recover the data (many are just an encryption with no key), so you better have backups. Also, make sure they're good. I can't tell you how many offices I see have no backup and in those that did, how often it's no good or only partial. Getting a company to do backups, much less proper ones (or anything preventative really) is probably the single most difficult job in I.T.
Also, keep your ear to the ground, rumors, unsubstantiated or not are often based at least partially on facts. There were rumors were swirling for a while before Meltdown and Specter were confirmed yet many blew it off saying it couldn't happen, it was only in a lab, it's not in the wild and is months or years away, it can't happen to me, it needs authentication (see Findecanor's and my first entry). Even something that starts as a silly and fake rumor may be enough for someone to go looking and actually find something, so take them serious.