Yes it is possible to get in front of security problems.
First have a Security policy in place.
The policy will include patching all systems in a best possible method. I.e. cannot patch a system during production hours without testing first. But as soon as a patch is tested, then the production system should be patched.
Items as how to handle new USB drives is important.
Second have the best possible technologies in place which includes the following:
NGFW – Next Generation FireWall – not just stateful multi-layer inspection, but an integrated Intrusion Prevention System that operates at layer 3 or layer 2.
Wifi access points with WPA2 encryption
We can help you size a firewall technology for your needs. Contact Us Tony Zafiropoulos 314-504-3974