If your contract data security needs are simple, rather than setting up the Full Security model, you can make use of the Confidential feature.
It is possible for any User (not just administrators) to make a contract 'Confidential'.
If the Confidential checkbox is on your Contract layout, when it is ticked and the record is saved, this will override the existing Security Group settings for that Contract in such a way that only those people directly associated with that Contract (via the 'People' tab) will be able to view and edit the Contract.
If you have set a Contract to 'Confidential' BEFORE any People have been assigned then the system will assign a default Security Group of 'No-One'. All records in the 'No-One' Security Group are only available for Administrators to view.
As you update and add People to the Contract, the Security Group will update from 'No-One' to the relevant values.
Fig 1: Mark a contract "confidential"
Tip: The confidential feature can be used in conjunction with the full security model. There may be one or more contracts that are within a specific security group that you may wish to limit access to (for a short period or on a more permanent basis). Rather than creating a new security group to cater to this exception, make those contracts 'Confidential'.
Tip: Administrators can always view confidential contracts