Re: GoToMyPC breach!
I would start with changing your password and making sure that only registered users are allowed on the machine. Once you do that, then worry about restricting access.
As for the goToMyPC, connections have to be established from the client, so thats a plus, the downside is that unless you are not hosting web-sites, you can't disable inbound port 80 on your firewall, which is what gtmpc uses. Not sure if there is a group policy setting you could change to deny this type of behavior. Check the windows event logs, and have your I.T. company check the traffic on the router/firewall and take a look at the packets that were sent through on that day to determine if there was a connection made (although, I would argue: why is the application there if no connection was made?).
Hope this helps, let us know the results.
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever