Risks and Threats

No two situations are the same, so don't be tempted to pick an off-the-shelf solution and then simply assume you are protected. Start by doing a simple "risk analysis" of your personal and/or company situation. Also remember that some threats will come from completely non-computer-related sources, e.g. fire or flooding.
If moving is not an option, then you have to accept the risk. You may also decide to employ professionals to further reduce your risk, but this has to be balanced against the cost.

Next, do a thorough audit of your information assets to find out who has access to them. Most security breaches happen with the knowledge or even the help of your own staff, and in many organisations data is stored completely unencrypted, so the "administrators" can see anything. Administrators do NOT have to be able to read or comprehend your data in order to administer it; therefore sensitive information should be encrypted and accessible only through an application, or via a key that is known only to those with the correct authority.
Another common problem uncovered during an audit is that many companies do not remove the accounts of users who have left, or who no longer need access.
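As an added illustration of the audit step described above (example code written for this page, not taken from the original), the script below compares an exported access list against the current staff roster and flags accounts belonging to leavers, accounts that have gone dormant, and who can reach each asset. The account data, asset names and the 90-day dormancy threshold are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (not from the original page): an access list exported
# from a system, and the current staff roster as supplied by HR.
ACCESS_LIST = [
    # username, role, last login (ISO date), assets the account can reach
    {"user": "alice", "role": "admin", "last_login": "2024-05-01", "assets": ["payroll-db", "crm"]},
    {"user": "bob",   "role": "user",  "last_login": "2023-11-12", "assets": ["crm"]},
    {"user": "carol", "role": "user",  "last_login": "2024-01-15", "assets": ["payroll-db"]},
    {"user": "dave",  "role": "admin", "last_login": "2023-09-30", "assets": ["payroll-db", "crm", "fileserver"]},
]
CURRENT_STAFF = {"alice", "carol"}   # bob and dave have left the organisation


def audit_accounts(access_list, current_staff, today_iso, dormant_days=90):
    """Audit an access list against the staff roster.

    Returns (leavers, dormant, access_by_asset):
      leavers         - accounts whose owner is no longer on the staff roster
      dormant         - accounts still owned by staff but unused for dormant_days
      access_by_asset - which accounts can reach each asset, for owners to review
    """
    cutoff = date.fromisoformat(today_iso) - timedelta(days=dormant_days)
    leavers, dormant, access_by_asset = [], [], {}
    for acct in access_list:
        last_login = date.fromisoformat(acct["last_login"])
        if acct["user"] not in current_staff:
            leavers.append(acct["user"])          # remove: owner has left
        elif last_login < cutoff:
            dormant.append(acct["user"])          # review: still staff, but unused
        for asset in acct["assets"]:
            access_by_asset.setdefault(asset, []).append(acct["user"])
    return sorted(leavers), sorted(dormant), access_by_asset


if __name__ == "__main__":
    leavers, dormant, by_asset = audit_accounts(ACCESS_LIST, CURRENT_STAFF, "2024-05-10")
    print("Accounts of leavers to remove:", leavers)
    print("Dormant accounts to review:   ", dormant)
    for asset, users in sorted(by_asset.items()):
        print(f"{asset}: {', '.join(users)}")
```

Leaver accounts with an admin role (dave above) are the ones to remove first, since they can reach every asset listed.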


Know your enemy!

According to recent research, the number of "drive-by shooting" type attacks remains quite low; however, if you are unlucky enough to be a victim, the damage done can be devastating! This is where a casual hacker targets your system, sometimes at random, and attempts a destructive attack. Today's weapon of choice for the casual hacker (script kiddie) is the "Prank" or "Trojan Horse": a virus or worm is released and spread indiscriminately through a mail message sent to a random number of recipients. Your e-mail address is usually gleaned from a mixture of intelligent guessing and robot programs that trawl newsgroups and web pages, so you should never use your e-mail address as a username.
Another major source of problems is marketing organisations that are not particularly bothered about who they share your details with. Be careful before you give out personal information, and examine each vendor's policy on data sharing carefully. Another simple defence is to create a dummy public e-mail address and a set of basic details that are used only for this purpose.

There are two major situations that you need to consider:

  1. When you're inside the security perimeter looking out.
  2. When an outsider is on the outside looking in.

It is vital that you clearly understand this; otherwise you could end up with the classic "M&M structure", which is hard on the outside but soft on the inside. The majority of organisations still fall into this category!