One of my colleagues, Nick Cross, posts links to articles he thinks are worth reading. This is one of the ones I though was worth re-posting.
Essentially, the key suggestions I took from it is that the jump server should be application white-listed to the bare bones, and should be auto-rebuilt on a daily basis.
It suggests some other controls, but these are the two key ones which I think could be “easiest” to implement.
