Ensure that file and directory permissions are the minimum needed to allow users to do their jobs.
Use groups and group permissions, where possible, to control access to files.
Use ACLs where appropriate, but make sure you keep track of the files that use them.
Regularly search for setuid and setgid programs and investigate any that look suspicious.
Setting the sticky bit on all publicly writeable directories used for temporary files will prevent users from deleting other people's files.