Simple and effective
Although there's no hard evidence for any of the tips from the links below (and it would be nice to collect that!), I've always liked simple security interventions that could reduce risk without the associated cost of implementing new tools or processes. It was interesting to see in the same week to separate posts with "cheap" security measures that can help a lot who doesn't want to be the low hanging fruit. Enjoy:
http://www.netspi.com/blog/2012/07/09/5-ways-to-find-systems-running-domain-admin-processes/
http://www.networkworld.com/research/2012/070912-10-crazy-it-security-tricks-260746.html?page=1