How much would security cost? To do it right?
Not a lot, actually. The most important aspect of real security is compartmentalization—ensuring that you don't have any high-value individual targets:
- Every desktop has individual credentials for the local user, and except when unavoidable, you don't grant any network users (LDAP, etc.) any access. Every desktop has a separate external hard drive used for backup.
- For shared projects, you have project servers, one per major project. Just like desktop machines, access is granted only to people working on the project. It has its own credentials, and it is backed up separately—ideally to an off-site server, and stored encrypted on that server.
- Every email not involving a mailing list is sent encrypted, so that it never exists in a decrypted form on a centralized server.
None of those things should cost significant amounts of money. They're just simple policy decisions. And with a scheme like the above, you typically wouldn't see attacks like this being successful in the absence of a massive zero-day remote kernel exploit.
If you want added security, you could write a piece of software in a few minutes that logs all traffic by IP address and port, then compares it with traffic requested by the user's web browser (by continuously reading the browser's history and uploading any new locations every couple of minutes), and flags anything that doesn't match. Automatically ignore any automatic updates by software that your IT department installed, plus any known addresses owned by your OS manufacturer. If you see any other traffic, shut off the port immediately, and contact the user to verify that the traffic is expected. If so, whitelist that IP and port after verifying that the software the user is running is legit.
Finally, add mail server rules that sanity check any email attachments, and similar rules for your HTTP proxy. If someone receives a disk image, ZIP archive, or other archive, extract the contents and ensure that there are no executables within it. If there are, allow the attachment if the executable is signed by a trusted authority. Otherwise, store a copy of the attachment in a secure location, and either filter it from the mail archive or refuse to send the final packet of data to the web browser. Flag it for review.
Like the two guys running away from the grizzly bear, security doesn't have to be flawless; it just has to be robust enough to convince the attacker to go after an easier target.