Lisa has received a file attachment from a co-worker, James. She has no reason to expect a file from this person. The most effective security strategy for Lisa to follow would be:
to call, text or IM James before opening the attachment, to verify that he intended to send it.