Ensure that emails going outside the org go through additional scrutiny.
The user should have to validate the sensitivity of the email and attachments so the system can deny passing them to untrusted networks.
Use PKI to encrypt important messages so only the recipients can unencrypt them
Use domains that are entirely separated from the internet for military sensitive stuff (NIPR Net, SIPR, JWICS, etc). Those won’t route to the open internet in other countries for any reason.