In a 200 environment, I would make sure the default passcodes are changed, you could also expand the passcode length
Passcode length a minimum of 6 digits.
Change Installer, Manager, and Admin level passcodes.
Make Mailbox 0 a Message Only mailbox (may take some finesse in some instances).
Change the COR to for all VM ports so they cannot dial out, or cannot dial long distance. (This may cause an issue with "press 2 to be connected to my cell phone" but losing this feature is a small price to pay for the few LD cell phone users who use it)
Mitel used to have a document on recommended changes, but these are the main ones. Oh, and make sure your ARS is setup correctly, and blocking known area codes and international access except for the few users who really need it.
