TomBalla asked:

What group policies need to be set

What group policies do I definitely need to set other than passwords in a company environment?
ASKER CERTIFIED SOLUTION
Will Szymkowski
This solution is only available to members.
What is your goal overall? There are 1000s of them. Maybe you want to force computers to autolock after X amount of time so they can't disable it. Maybe you want to force password requirements (like the guy above posted). Windows updates on computer OUs but different ones on servers and download only on DC (all my recommendations). Etc., etc.
SOLUTION
This solution is only available to members.
What group policies do I definitely need to set other than passwords in a company environment?
This is an impossible question to answer.

The requirements will be dictated first by organizational policy which dictates functionality you must enable/disable (e.g. should desktops lock automatically after 10 minutes?), what your patch management cycle is, what security policy you must enforce, etc.
Secondary to that is enforcement of "user preferences", which you may elect to undertake if you wish to disable aspects of the user interface for all or a subset of your users to simplify the interface, remove confusing features, disable undesirable aspects which could be a data protection risk, etc. Again, policy should ultimately determine what is done here to enhance the user experience, and remember you can only have limited control if a user is granted local administrator rights on their workstation.

The IT department should not operate in a silo but under the full guise of management / the board; operating otherwise typically will not deliver the optimal service to support the goals and needs of the company (and hence users will find their own workarounds / won't understand why IT does what it does). This is harder in small organisations where management have no idea, and the outside consultant is expected to both set and implement policy; in such circumstances, one should still have some idea in mind, even if not formally written up, as to what policy one seeks to enforce before heading into GPO and actually creating that policy.
TomBalla (ASKER)

Maybe a dumb question, but when you disable USB, does that affect keyboard/mouse or just jump drives?
Also, I am a one-man IT dept., so I don't really have anything to go off of; I am just looking to make the place a little more secure.

Typically when you are looking for tighter security you will want to enable the password settings I have outlined in my first post. These settings are configurable to your business needs but should definitely be enabled and enforced.

If you are using AD 2008 and above you can also use PSO (Fine Grain Password Policies) to have multiple password policies in a single domain. This way you can provide a stronger password policy for something like Service Accounts or Executives or whatever the case may be.

You can reference the link below for more details.
https://technet.microsoft.com/en-ca/library/cc770842%28v=ws.10%29.aspx

Also, FGPP for 2008 is all done via PowerShell, and not done with the UI.

Will.
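
A sketch of the fine-grained password policy setup described in the post above, added here as an example and not taken from the thread. It assumes the ActiveDirectory PowerShell module is available; the policy name, group name, test account and all setting values are constructed placeholders to adapt to your own written policy.

```powershell
# Added example: every name and value below is a constructed placeholder.
Import-Module ActiveDirectory

$psoName  = 'PSO-ServiceAccounts'   # hypothetical policy name
$group    = 'SVC-Accounts'          # hypothetical global security group
$testUser = 'svc-backup'            # hypothetical member of that group

# A PSO attaches to users or global security groups, never to an OU.
$g = Get-ADGroup -Identity $group
if ($g.GroupScope -ne 'Global' -or $g.GroupCategory -ne 'Security') {
    throw "'$group' is $($g.GroupScope)/$($g.GroupCategory); use a global security group."
}

# Create the PSO only if it is missing, so the script can be re-run safely.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName `
        -Precedence 10 `
        -MinPasswordLength 20 `
        -PasswordHistoryCount 24 `
        -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -MinPasswordAge '1.00:00:00' `
        -MaxPasswordAge '180.00:00:00' `
        -LockoutThreshold 5 `
        -LockoutObservationWindow '0.00:30:00' `
        -LockoutDuration '0.00:30:00' `
        -ProtectedFromAccidentalDeletion $true
}

# Link the group to the PSO unless it is already listed in AppliesTo.
$pso = Get-ADFineGrainedPasswordPolicy -Identity $psoName
if ($pso.AppliesTo -notcontains $g.DistinguishedName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# Verify what actually wins for one member. No output means no PSO applies
# and the account still gets the domain-wide password policy.
$effective = Get-ADUserResultantPasswordPolicy -Identity $testUser
if ($null -eq $effective) {
    Write-Warning "$testUser has no PSO; the domain password policy applies."
} elseif ($effective.Name -ne $psoName) {
    Write-Warning "$testUser resolves to '$($effective.Name)'; check Precedence values."
} else {
    $effective | Format-List Name, Precedence, MinPasswordLength, LockoutThreshold
}
```

When several PSOs reach the same user, the one with the lowest Precedence number wins, which is why the last step checks the resultant policy instead of trusting the link.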
SOLUTION
This solution is only available to members.