Ensure the software on all your desktops and servers with the latest service packs and updates.
Implement a plan for regular updates, and automate it as much as possible.
Deploy antivirus and anti-spyware on all your computers. Enable host-based firewalls.
Physically secure your servers. A locked room is best; heavy cables are better than nothing.
Plan for rolling out roaming profiles and folder redirection (with offline folders) so that client computers can be rebuilt with ease.
Upgrade your wireless networking to WPA.
Change all your passwords to pass phrases.
Implement a backup plan; don't forget to regularly test the media.
Write an Internet acceptable use policy and have all your employees sign it.