When suggesting 'practising security' it is meant adopting practical procedures users can do. For instance, does your PC/laptop need to be "always on"? That is constantly connected to the internet? Could you not switch off 'WiFi' until you need it or put the wireless settings into 'Pilot Mode' or remove the telecom plug from the PC/laptop until you are ready to go on line again?
How do you conduct malware (virus/ransomware/etc.) testing? Only on email attachments? What about USB sticks connected to the PC/laptop? Have you ever thought of getting a second-hand PC/laptop with free malware/phishing software on it and only use that for internet connectivity which contains no business information or important data. If the user then practises using the second-hand PC/laptop only dealing with internet access, emails/attachments and USB connections then if free malware etc programs don't work and your machine is held hostage then what the heck. Just wipe the drive clean and start again: 10 Alternative PC Operating Systems You Can Install ( https://www.howtogeek.com/190217/10-alternative-pc-operating-systems-you-can-install/ ).
One useful publication costing just £0.99 (yes, 99-pence) is available from amazon and published by PeerLyst - Second Community eBook: Essentials of Cybersecurity ( https://www.peerlyst.com/posts/second-community-ebook-essentials-of-cybersecurity-limor-elbaz?trk=post_page_ebook_ad ).
If you believe your skillsets are sufficient to understand networks, as well, then here is a publication which is FREE and can be downloaded by way of the internet called Cybersecurity for Dummies ( http://www.redcentricplc.com/media/2632/cybersecurity-for-dummies.pdf )
Moreover, the British Government hosts a webpage called "Cyber security guidance for business" ( https://www.gov.uk/government/collections/cyber-security-guidance-for-business ) which is full of free and helpful advice and where to get help.