Comment A reasonable compromise (Score 2) 314
I'm going to assume that this is a serious question, if slightly fuzzily worded. And that what you want is the best security position that is practical, and still have a computing environment that is useful to you.
So this is going to draw some fire I suspect, but maybe start by reading the PCI DSS Data Security Standard and apply as much as possible of the practical stuff to your environment.
PCI DSS has its issues and its critics and is most definitely not perfect. But it is an attempt by a group comprising of all the major credit and debit card brands to define how to secure a computing environment that is connected to the internet and contains sensitive information.
A lot of it won't be relevant to you. But if you're not trying to achieve compliance, you can throw out the bits you don't need.