Need Help Revamping A Poorly Managed Infrastructure As A Student

Im currently studying IT, and have zero actual working experience in the industry. My cousin has asked me to help him with fixing his small business's computers and network.

He has a small office (7 staff, 3 of which are rotating contractors) his IT manager who had been in the business from the start left the country 6 months ago, and the next person who was hired, was caught stealing sensitive data. He says after everything that he has gone through he doesnt trust anyone he doesnt know, and wants to hire me to take charge of the IT department.

They have 5 windows desktops, 2 macs, 2 printers, 2 NAS, UPS, cloud storage, cctv, a swtich, and a domestic router. From what i've gathered nothing is business grade, there is no server, and everything is over 10 years old (including desktops that are running win 10 and cant be upgraded).

The major issue is the filing system, specially with the large number of contractors he has had, and no proper policies. They have over 20TB of data, a lot of duplicates, and no filing organisation whatsoever. A lot of documents are hard copies, and have not been digitised. Staff dont have their own accounts, and they login to PCs local account (PC1, PC2, etc)

On top of that there are numerous network/shared drives that no one knows what they are, which devices they belong to, and in a couple of cases, the passwords to actually access the drives.

One of the two NAS systems has a failed drive that has not been fixed for over a year. One of the NAS systems is WD, and the other one Synology, and both look as if they were bought off of Amazon. Both NAS are connected to the UPS. They dont know which files have been backed up to which NAS, but they do know that the Synology is connected to the cloud storage. What they dont know is how often it is getting backed up to the cloud.

They are using a netgear orbi as main router and WIFI AP, which directly connects to the ISP on WAN, and to a small switch on LAN port. The switch is a small TP Link, 5 port switch that again looks like it might have been purchased off of Amazon. The switch is connected to the 2 NAS, CCTV, and one of the desktops. All other devices are on WIFI. And dont get me started on the wiring mess. I am just thankful that its just a handful of devices.

As much as i would like to burn it all and start from scratch, I cant suggest that.

How should I approach this? What should I keep an eye out for? Any help, solutions, or tips, would be highly appreciated

My initial instinct is to set up network firewall,. Then, get a windows server, set up AD, and one shared drive with appropriate permissions for staff. Set up endpoint protection. Set up a RAID 5 NAS with encrypted data at rest, and have that upload the encrypted data to the cloud storage.