We all focus on Endpoint and Network Security but too often overlook software and how security settings should be hardened. For example, when you start to use a software, it is usually configured generically by default. You should consider ways to improve security to access and protect the system.
Can you turn on MFA? Can you turn on encryption? Did you properly assign user access rights and controls? Are you sure admin access was granted based on the principle of least privilege?