Rating: +0
Iris,
Start with a strong [written] Information Protection Policy first, and ensure that all employees are aware, regularly trained as to adherence, aware of the consequences for violations to the policy and attest to it's acceptance in writing or electronically. This training should be part of the HR on-boarding process for all new hires.
Then do all of the systems best practices that are recommended here in the other responses.
Note that 99% of all information breaches occur from "within" the firewalls and not from external firewall attacks.
While we like to believe that information breaches are like we see on TV and very "high-tech", in reality they are often very "low-tech".
They are rather simple, like leaving a password on a sticky note on a monitor; or leaving confidential M&A documents at the fax machine; or a disgruntled employee e-mailing trade-secrets (customer list) to a competitor from their Hotmail account during office hours while attached to the corporate network. Burning corporate data (sales pipe-line) onto a thumb-drive and dropping it in a pocket and taking it home. Oh, and the best one is when the “official” backup tape rotation includes taking a tape home, "just in case".
Develop written policies in concert with HR, Legal, and outside assistance.
Good Luck,
Peter
April 2009