One of the ways that systems are vulnerable to viruses and malware is that they are not properly secured against unauthorized access. For example, systems might not be properly isolated from public access, meaning that an unauthorized user could physically access your systems, letting them install malware while on site. However, unauthorized access can also occur remotely. If your systems do not use proper encryption or have strong passwords, there is the possibility for someone to hack your system, stealing your data and potentially installing malware to accomplish other nefarious purposes.
Therefore, there are several things which you should do to ensure that access to your system is limited to those you intend it for. One of those is to use a strong password. Many users use very basic passwords, which are easy for hackers to guess. Many high-profile hacks have occurred as a result of hackers simply guessing the passwords of celebrities or business leaders. Therefore, ensure that your password is sufficiently long and complex that it will not be guessed easily. Substituting the o in Password for a 0 does not make a strong password: that is far too common. Not only should you protect your passwords, but also the systems used to manage and store them. A good password is useless if it is stored (digitally or physically) in a location which is not secure.
Another key step in ensuring that your system is not infected is to control vectors of transmission for viruses. If it is absolutely critical that a machine not be infected, make sure that it is not connected to the internet. Additionally, control access to its data ports. If it is hooked up to an infected machine or device, it is as good as infected. Hiring a security expert who can help design systems which have appropriate levels of protection for the data being stored will help to ensure that your important information is not stolen or destroyed.
Finally, it is important to properly train your employees in security. Many security breaches and covert installations of malware have been accomplished through social engineering. Someone pretending to be an inspector, policeman, or other trusted figure can sweet talk their way past security, and with physical access to the systems, install some rather nasty malware. Training your employees for proper protocol will help prevent confusion and ensure that no matter the situation, they will help to protect your data.