Look for information about security, and you'll find loads of stuff about firewalls, anti-virus protection, and so on. Keeping your data safe involves a lot more than installing some software.
Before going in to some typical aspects of security, we take a broader view :
Network security and system security is about preventing unwanted access to your system, and the information it contains. The simplest way to achieve this is by having your own personal computer, don 't connect it to anything, and let no one else use it. Lock it up in a cupboard when you're not using it.
Things are different when we're talking about a network that is meant to give people access to information. Of course, the rule about the computer in the cupboard still applies : physically restrict access to the server (put it in a room and lock the room), don't let backup tapes lie around, make sure no one can just pull out that hot-swappable disk from your server and walk away with it.
Next, you have to implement a system that, on one hand, gives users access to the information they need, while, on the other hand, they do not have access to information they are not entitled to, nor to the system itself. That is called user management, and should be the first step (step 0) in securing your network.
Typically, your network will be, in one way or another, connected to the Internet so that users can access information there as well. Another aspect of security comes into play ; while you give your users access to the Internet, you don't want anyone from the Internet to just walk in and access your network. You may also want to restrict your users' Internet access, or at least monitor it. That's the area that firewalls are supposed to cover. (Step 1 in securing your network)
The bad guys will try to work around your firewall with tools known as backdoors or Trojans (Trojan Horse). If they manage to install a program on one of your workstations or servers that makes a connection with them, your firewall may allow it because the connection is set up from your network, as if a legitimate user is connecting to the internet.
How will they do that ? They may send it attached to an e-mail message and hope a user will be stupid enough to run it. Often, this hope is not in vain. Or they may have a web site waiting for an unsuspecting user who will click 'OK' on anything, also to a web page's 'do you wish to install ...'. Or they hide this little back door program in a 'must have' screen saver, in the tool you just used to crack the copyright protection of some CD or DVD, in that cool program you've downloaded from the Internet, etc. They may also use a virus or a worm that does nothing else than installing the backdoor and then mail itself to everyone in your address book, looking for the next victim.
To avoid this category of security breaches, antivirus software helps, but as the virus signature files always are a bit behind on the newest viruses, they're not b100% secure. They need to be complemented with user education, such as : don't accept attachments if you don't know why it was send to you. Don't let the promise of wild sex or a larger penis lure you in to saying 'OK, just install anything you want on my computer', and so on.
Then again, you may be running services such as a web server or a mail server, who would need to communicate with the Internet. Or you may have data communication software installed, such as PC Anywhere, LapLink, GotoMyPC, or File sharing software such as Kazaa and the likes, communication tools such as ICQ, etc. All of these are meant to communicate with the Internet, and to accept communication from the Internet, so you can already ask yourself : who are they communicating with, and do I have full control over their communication. Often you won't. And then, most of them will have exploitable flaws in it. Exploitable flaws means that sooner or later someone will discover that he can manipulate them so that they can be used to connect to and allow access to the computer are installed on.
The web page you're visiting has JavaScript or ActiveX objects that your browser will execute without thinking twice (unless you tell it to). And of course you have no idea of what exactly those scripts or the code in the ActiveX objects will do, do you ? And with cut and paste, anyone can make a web page like that.
Read this overview of Home Network Security to get an idea of the kind of things that may go wrong.
Data security also mains : baing able to recover from a loss or destruction of data. RAID is hard disk technology that not only can be used for better performance, but also to secure data on the hard disk(s). And backups ... everybody knows what a backup is. This paper (.pfd) explains it all very well, so no need for me to repeat all that.