Passwords: Train your users on choosing safe passwords. Prefer a password manager over passwords that are easy to remember and therefore easy to guess. Some password settings can be adapted, for example to enforce stronger passwords or a password expiration time.

Backups: If you host the software yourself, make sure there is a backup mechanism that works end to end. Try restoring backups on a regular basis; a backup that has never been restored is not known to work.

Restricting HTML input: It is possible to restrict what users can enter into text fields. By default, new projects refuse to accept anything which might be potentially dangerous. As only your team can enter data, there is a low risk that dangerous data is entered in the first place; therefore it is possible to disable that function or to extend the allowed input.

This option needs to be explicitly enabled for existing projects (as they might already store data that is not on the whitelist). Each project can enable or disable the cleanup with a specific whitelist (this is done in the project setting [HTML Cleanup]). If there is no project setting, the default from the server settings is used; the server settings can define a default whitelist.

Each project offers, in the project setting [HTML Cleanup], the possibility to scan the project against the project and server settings. Clicking on the little pencil, you can decide to clean (or not clean) specific project(s).

Each field can be exempted from this cleaning (the data entered in such fields is then written into the database exactly as it was entered). In each field you can enable the following option:

If the cleaning is enabled, the HTML editors allow only the specified HTML tags and attributes. Other text fields escape `<` to `&lt;`, so their content is stored as plain text and is not subject to the cleanup.

The server will refuse to save unclean data (also through the REST API).
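The rules above (project whitelist with fallback to the server default, per-field exemption, tag and attribute whitelist for HTML editor fields, `<` escaping for other text fields, and refusal of unclean data) are shown here as an added Python example. It is not the product's own code: the whitelist contents, the field representation as a dict and the function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# Constructed server-side default whitelist (hypothetical values, not the product's real defaults).
# Maps an allowed tag to the set of attributes allowed on it.
SERVER_DEFAULT_WHITELIST = {
    "p": set(),
    "br": set(),
    "b": set(),
    "i": set(),
    "a": {"href", "title"},
}


class _WhitelistChecker(HTMLParser):
    """Records every tag or attribute in the input that is not on the whitelist."""

    def __init__(self, whitelist):
        super().__init__()
        self.whitelist = whitelist
        self.violations = []

    def handle_starttag(self, tag, attrs):
        allowed_attrs = self.whitelist.get(tag)
        if allowed_attrs is None:
            self.violations.append(f"tag <{tag}>")
            return
        for name, _value in attrs:
            if name not in allowed_attrs:
                self.violations.append(f"attribute {name} on <{tag}>")

    def handle_endtag(self, tag):
        # A stray closing tag of a non-whitelisted element is unclean as well.
        if tag not in self.whitelist:
            self.violations.append(f"closing tag </{tag}>")


def effective_whitelist(project_whitelist=None):
    """Project setting wins; without one the server default applies (as the page describes)."""
    return project_whitelist if project_whitelist is not None else SERVER_DEFAULT_WHITELIST


def check_html(value, whitelist):
    """Return the list of whitelist violations found in an HTML editor value (empty = clean)."""
    checker = _WhitelistChecker(whitelist)
    checker.feed(value)
    checker.close()
    return checker.violations


def escape_plain_text(value):
    """Plain text fields: escape '<' to '&lt;' so the content can never be read as markup."""
    return value.replace("<", "&lt;")


def validate_field(field, value, project_whitelist=None, cleanup_enabled=True):
    """Apply the cleanup rules to one field value.

    field is a constructed dict: {"kind": "html" | "text", "exempt": bool}.
    Returns (accepted, value_to_store, violations). The server refuses the save
    (accepted=False) when an HTML editor field contains non-whitelisted markup.
    """
    if not cleanup_enabled or field.get("exempt", False):
        # Cleanup disabled or field exempted: stored exactly as entered.
        return True, value, []
    if field["kind"] == "html":
        violations = check_html(value, effective_whitelist(project_whitelist))
        if violations:
            return False, None, violations
        return True, value, []
    # Any other text field: escaped, never cleaned.
    return True, escape_plain_text(value), []


if __name__ == "__main__":
    html_field = {"kind": "html", "exempt": False}
    # Constructed sample values for the demonstration.
    print(validate_field(html_field, "<p>Hello <b>team</b></p>"))
    print(validate_field(html_field, '<p style="x">Hi</p><script></script>'))
    print(validate_field({"kind": "text", "exempt": False}, "a < b"))
```

The checker is a whitelist, so any tag or attribute that is not explicitly listed is reported, not only those that look dangerous; this matches the page's statement that the server refuses unclean data rather than silently stripping it.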