Security and PCI compliance is part of defense, even though PCI compliance may not prevent all attacks it is a good baseline to have.
Security Policies (Network, Computers, and More)
Social Engineering Knowledge is also good to keep in front of your employees.
Reviewing your options in cloud companies is good for you