Can't use peer to peer tech without something in the middle to mediate it. That's not an assumption, it's a requirement for a reasonably secure system. Without that approach you're vulnerable to arp hijacking and all manner of related badness.
Requires the sysadmin to implement strong situational awareness. That's not an assumption, it's a requirement for a reasonably secure system.
Daily backups with quick restore. If you don't have this, your network is a time bomb no matter what else you do.
For information loss issues, you partition the network. There's no excuse for time cards bound up in monolithic accounting software where every employee needs to be able to trade packets with the server holding all the employees' SSNs. Any system you can build will leak. Better for those leaks to be droplets rather than a flood.
Or you can do things that are ineffective and crush staff productivity. It'll look good on your resume after the company goes under.