Security for a 10-computer network

If the data is extremely important, I would disable all unused ports on the LAN.  I would also make sure I was very strict with the permissions on the NAS drives.  If you have any services that are being hosted internally I would put those services in a DMZ.  I would also encrypt your offsite backups (assuming you have offsite backups).  I would also look into a centrally managed AV/antispyware solution like symantec endpoint.  Adding a 2003/2008 server would bring in resources that could improve the security of the environment, but by default it would make it either worse or no better.  So if you plan on bringing a server into the environment, make sure you harden it BEFORE putting it into production.

Hope that helps.

KMC

A hardware firewall would do wonders for security and lock off all used ports. Sonicwall has some good solutions for this.  www.sonicwall.com      A server would increase your security but it would have to have it setup as a domain, otherwise there would be little to no benefit.  Then you would be able to set better permissions on your NTFS drive. You could also use IPSEC on your network to increase security however it does take a small toll on speed.

Another good centrally managed AV is nod32 business edition I use it for 30 machines where I work and i love it.    

Also look at the user abiliies and habits, if something is going to get out usually it is from the user doing something silly (like leaving a USB drive  with sensitive information somewhere)