Network Security

Software contains bugs,
so all computers that are networked need to receive security updates (from a source that you trust to give you those security updates) to stay secure.

Software contains bugs,
so install as little (privileged) software as possible.

Software contains bugs,
so any data that must not be leaked must be kept off computers that are connected to the Internet.

Software contains bugs,
so if a computer containing sensitive data must unavoidably be connected to the Internet, create an application-specific firewall to place between that computer and the Internet. Why application-specific? - so that it can be the simplest piece of hardware possible, running the least software you can get away with, so that it has a chance of containing no remotely-exploitable bugs.