Security is always about a balance between security and usability. One thing to look at is policy. What does current policy state? Policy should dictate what is and is not allowed. Check out the SANS policy institute for some free templates. You also need to consider whether there is an acceptable use policy (AUP). With those in place, you might want to start by denying access to objectionable websites. You should also block incoming traffic from areas of the world in which you do not do business.
You might also want to block IPs from known questionable addresses. DShield.org has a suspicious networks block list you can check out. On internal computers and servers, you need to make sure you have anti-virus, anti-spyware, and anti-malware software installed.
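One way to turn a published block list into firewall rules without letting a bad feed entry cut off your own networks. This is an added example, not part of the original answer. It assumes a tab-separated feed with start address, end address and prefix length in the first three columns; the sample rows are constructed, and `PROTECTED` and `MIN_PREFIX` are hypothetical local choices.

```python
import ipaddress

# Assumption: ranges that must never be blocked (add your own public ranges).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 16  # assumption: refuse any entry wider than a /16

# Constructed sample rows (documentation ranges), not real feed data.
SAMPLE_FEED = (
    "# constructed sample\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "203.0.113.0\t203.0.113.255\t24\t4821\tEXAMPLE-A\tZZ\tabuse@example.net\n"
    "198.51.100.0\t198.51.100.255\t24\t3120\tEXAMPLE-B\tZZ\tabuse@example.org\n"
    "10.0.0.0\t10.0.0.255\t24\t2999\tINTERNAL\tZZ\tnone\n"
    "192.0.2.0\t192.0.2.255\t8\t100\tTOO-WIDE\tZZ\tnone\n"
    "not-an-ip\tgarbage\t24\t1\tBROKEN\tZZ\tnone\n"
)

def parse_blocklist(text):
    """Return (accepted networks, [(line, reason)] for rejected rows)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        fields = line.split("\t")
        if not line.strip() or line.startswith("#") or fields[0] == "Start":
            continue  # blank line, comment, or column header
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except (ValueError, IndexError):
            rejected.append((line, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((line, "too wide"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((line, "overlaps protected range"))
        else:
            accepted.append(net)
    return sorted(set(accepted)), rejected

def nft_set(networks, name="blocklist"):
    """Render an nftables table that drops inbound traffic from the set."""
    elems = ", ".join(str(n) for n in networks)
    elem_line = f"    elements = {{ {elems} }}\n" if networks else ""
    return ("table inet filter {\n"
            f"  set {name} {{\n    type ipv4_addr\n    flags interval\n"
            f"{elem_line}  }}\n"
            "  chain input {\n"
            "    type filter hook input priority 0; policy accept;\n"
            f"    ip saddr @{name} drop\n  }}\n}}\n")

if __name__ == "__main__":
    nets, skipped = parse_blocklist(SAMPLE_FEED)
    print(nft_set(nets))
```

Log the rejected rows each time the list is refreshed; a sudden jump in rejections is a sign the feed format changed or the download was tampered with.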