Try to avoid a false sense of security by "checking the boxes" of a traditional IT environment. Given the very nature of the dynamic world we are living in right now, look for non-traditional questions that have just started to be asked as a way to keep ahead of where attacks will be coming next.
Training people have to become more of a primary objective in this new world. People have been "forced" to become more of a "power user" in this remote world. With that additional responsibility, also comes risk. Make sure you have forged caution into the users alongside their new abilities.
Efficiency is paramount to everything. Use this time to look at consolidating your IT "Footprint". There may have been a time where a "single-use" type application would be OK, now may be a good time to look at alternatives within the existing infrastructure where that application can be consolidated. Less surface area, less upkeep, better security, and additionally....more focus for everyone to keep things "locked down"