Restrict third parties or other users from accessing parts of your network that are beyond their concerns, and make sure only authorized users who have a legitimate reason to access sensitive information get to do so.
Setting unique access controls around different segments is also essential. This way, if a hacker gains access to one of your subnetworks through a third party, they will need extra time to break out of that network segment and infiltrate another.