Ten From The NSA

Submitted by somepocho on Mon, 04/21/2008 - 5:56pm.

According to Network World, the top 10 security best practices from the NSA:

  • Use layers of security. . .
  • Patch operating systems. . .
  • Perform vulnerability scans regularly
  • Grant users no more than the access needed to do their jobs
  • Use strong passwords
  • Verify the source of code before executing it
  • Block entire categories of file types as email attachments such as .exe, .vbs, .bat
  • Turn off unnecessary TCP and UDP services on all devices to limit their exposure
  • Inventory network gear and know its inherent vulnerabilities
  • Write a security policy that all employees are aware of

I think these are great, but really quite basic. . . I mean, c'mon, who doesn't have users set to least privilege? I mean, unless you're installing West ImmForms, My Legal Files MSO plug-in, or other deficiently written applications?!?

Also, if you're not blocking certain MIME types, then maybe it's time to do so in the name of defense in depth.
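As an added illustration of the attachment-blocking item in the list above and of the MIME-type point just made (example code written for this post, not from Network World or the NSA), here is a small filter that walks a message's attachments and rejects the named extensions and a couple of assumed executable MIME types; the sample message and the MIME block list are constructed for the example.

```python
# Added example (not from the original post): an attachment filter for the
# "block entire categories of file types" practice.
import email
from email import policy
from email.message import EmailMessage

# Extensions the post names. The check is case-insensitive and looks at every
# extension in the name, so "invoice.pdf.exe" and "setup.EXE" are both caught.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".bat"}
# MIME types rejected regardless of filename (assumed policy for this example).
BLOCKED_MIME_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def is_blocked_filename(filename):
    """True if any extension in the filename is on the block list."""
    parts = filename.lower().split(".")
    return any("." + p in BLOCKED_EXTENSIONS for p in parts[1:])


def blocked_attachments(raw_message):
    """Return the names of attachments in a raw RFC 5322 message that violate the policy."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_blocked_filename(name) or part.get_content_type() in BLOCKED_MIME_TYPES:
            hits.append(name or part.get_content_type())
    return hits


def build_sample_message():
    """Constructed sample message with one allowed and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "files"
    msg.set_content("see attached")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application", subtype="pdf",
                       filename="report.pdf")
    # Double extension hiding an executable behind a .pdf name.
    msg.add_attachment(b"MZ...", maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf.EXE")
    # Harmless-looking extension, but an executable MIME type.
    msg.add_attachment(b"MZ...", maintype="application", subtype="x-msdownload",
                       filename="tool.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample_message()))  # ['Invoice.pdf.EXE', 'tool.bin']
```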

I hope that when/if we're compromised here, I can at least say, well, we were among the last wo/men standing.  Not that that should be much relief in a zero-sum game.