In this day and age, everything your company does is on the company computers somewhere. Email is forever. First off, you need to identify the things that you need to keep secret from hackers and competitors. Start with personnel records. Those must be secret to keep competitors from pirating your best people. Pay and salary information is particularly sensitive because when it gets out, everyone in your company gets bad feelings about everyone who makes more than they do. And it points headhunters toward your less well paid people. Production information: mechanical drawings, electrical schematics, parts lists, software source code, test procedures, recipes and formulas. With this stuff someone can set up to make your product and compete with you. That's legal in places like China. At the very least they can make a good guess at your cost of production. Sales and marketing: your customer lists and customer contact information. If the competition gets to your customers and wins them over, you are hurting. Email: there is bound to be damaging information in someone's email.
To keep the hackers out, first consider keeping stuff OFF the hard drives. Back it up to CD-ROM and keep the CDs in a locked room. There is a lot of old stuff on the hard drives that you don't use today, but that could do a lot of damage in the wrong hands. If the stuff is really valuable, now is the time to establish an off-site backup location.
Set up a secure network. This is a small number of computers, kept in locked rooms, and NOT connected to the general company network, the public internet, or the public phone network. By not connected we mean NO wires or wireless connections to anywhere. Don't rely on "firewalls"; some of them have caught fire in the past. Snip off the wires going to the USB sockets to prevent flash drive virus invasion. Remove all floppy drives to prevent invasion by merely inserting a boot floppy in the "A:" drive. Keep all your sensitive stuff on the secure network. When you do Engineering Change Orders, pull the master drawing off the secure network, give it to the engineer, and have him return the updated version to the secure network.
Now we come to training your personnel. Start with email. Make sure everyone understands that email lasts forever, and will be used against you in court, and by hackers. Tell them to never put anything in email that they would not post on the bulletin board at the local supermarket. If the matter is sensitive, handle it face to face or over the phone. And delete old emails after 30 days.
You want to run an antivirus scan once a week on every computer in the company. Viruses can do the damnedest things; just ask the Iranians about Stuxnet. Commercial virus scan programs are pretty good, and they get better every week. Keep your antivirus updated. Even if you have a deal that permits IT to run the virus scans remotely, you still want everyone to understand how important they are.
All your creative people want to keep their stuff on their machines, just in case. Encourage them to encrypt it, and/or back it up to CD and keep it in a locked drawer. And make sure the latest version is stored on the secure network as well as on their private hard drives.
Consider getting rid of Windows company-wide. It can be done. Linux works, and isn't too difficult for your people to learn. Windows is totally, but totally, insecure. Anything stored on a Windows computer is vulnerable to small children, let alone adult hackers.