There's only so much you can do in your software, hardware and infrastructure to be safe. To be really secure, security has to start at business level. Your business has to have a sort of security mindfulness. In this way the business processes are structured in a way that they are safe. The IT infrastructure can support this by using things like the principal of least privilege. But these principals only work if the business (processes) supports them.
This doesn't mean you have to sit around and wait for the business to come and ask you to become secure. Businesses are slow on things that cost money and make the lives of employees hard. For example the principle of least privilege means that a user has only authorization for the things she/he normally does, but when she/he needs to do something more it costs time to get the privilege or someone who has this privilege and the time to do this job. You will have to do everything you can to make your software en infrastructure secure, but also you will have to educate your business.