- Consult with your legal counsel to determine legal options and liability in the event of a security incident.
- Consult with your insurance carrier to determine if your insurance covers losses from break-ins. Determine if your insurance covers business interruption during an investigation. Also determine if you will be required to institute criminal or civil action to recover on your insurance.
- Replace any "welcome" messages with warnings against unauthorized use.
- Put explicit copyright and/or proprietary property notices in code startup screens and source code. Formally register copyrights on your locally developed code and databases.
- Keep your backups separate from your machine.
- Keep written records of your actions when investigating an incident. Timestamp and initial media, printouts, and other materials as you proceed.
- Develop contingency plans and response plans in advance.
- Define, in writing, levels of user access and responsibility. Inform your users what you may monitor. Have all users provide a signature noting their understanding of and agreement to such a statement. Include an explicit statement about the return of manuals, printouts, and other information upon user departure.
- Develop contacts with your local law enforcement personnel.
- Do not be unduly hesitant about reporting a computer crime and involving law enforcement personnel.
- If called upon to help in an investigation, request a signed statement by a judge requesting (or directing) your "expert" assistance. Recommend a disinterested third party to act as an expert, if possible.
- Expand your professional training and contacts by attending security training sessions or conferences. Consider joining security-related organizations.
- Be aware of other liability concerns.
- Restrict access to cryptographic software from the network.
- Restrict or prohibit access to material that could lead to legal difficulties. This includes copyrighted material, pornographic material, trade secrets, etc.
- Make sure that users understand copyright and license restrictions on commercial software, images, and sound files.
- Make your users aware of the dangers of electronic harassment or defamation.
- Make certain that your legal counsel is consulted before you provide locally developed software to others outside your organization.