Implement a seriously strong password policy Alphnumeric + Symbol and over 20 characters long, and have in expire on a very short time frame. For starters.

Lock down the machines so no "new" software not totally vetted is able to be installed.
Damm this list is endless, more to the point what have you already done? VPN? DMZ? Honeypots? Intrusion detection? Scanning? Packet Capture? logging and real time monitoring?

http://www.sans.org/aboutsans.php > Specifically Security Reading Room
constantly boneup and run wargames, to get attention, have vulnerable networks compromised from an internal teams with only limited info