...
Basics
Passwords
Phishing
Data Storage
Sharing Data
PCI Compliance
Access restriction
Principle of least privilege
Alerts for data changes
eg Email employee if their bank details change on the payroll system
Visibility
Logs
Protecting emails - eg having rules in place for money transfers eg for Email hacking.
SPF / DMARC / DKIM