The top five immediate information security priorities for a small to medium business should be:

1. Use complex passwords that are different for each website or application and make sure these are stored in a secure location no one else can access.
2. Setup multi factor authentication (MFA) which is sometimes referred to as two factor authentication for all websites and applications you use to secure your account. Doing this will prevent a vast majority of hacking attempts even if your passwords have become compromised
3. Not knowing what you don't know. Understanding that you can't know about protentional security issues that need to be addressed if you aren't a specialist on the subject. Sometimes acknowledging that you need a specialist in this area is the best solution. As you can't protect from threats that you don't know about or understand.
4. Stop sharing passwords throughout the office and make sure that different levels of access are provided to different members of the teams. So, if one account is compromised it doesn't allow access to the entire system which will help limit your exposure.
5. Look to the implementation of continuous improvement in your security. This is something most small to medium businesses should be re-evaluating every 6 to 12 months, to address the latest security threats.