Start developing a process for keeping all your client applications patched.
Start building a program to systematically evaluate applications to determine what it takes to run them with least privilege.
Experiment with the tools available to secure client applications and to develop standardized client installations.
Read in Chapter 5 about how to configure your users securely.