City Seal The City of San Diego
HomeContact the City
City Seal
City Seal Business City Hall Community Departments Information Leisure Services A-Z Visiting
Police Department HomeHelp Us Help YouIn Your NeighborhoodFormsCrime Prevention and EducationCrime Statistics/MapsAbout SDPDJoin the SDPD
 Tips for Business

Computer Crime Prevention

Computer crimes consist of illegal use of or the unauthorized entry into a computer system or computer data to tamper, interfere, damage, or manipulate the system or data.  Computers can be the subject of the crime, the tool of the crime, or the object of the crime.

As the subject of a crime, someone would use your computer or another computer to willfully alter the data stored in the computer, adding fraudulent inaccurate data, altering data, or omitting input data.  Some motives are revenge, protest, competitive advantage, and ransom.  Most computer‑related crimes are committed by people who are well versed in computer technology.  Most cases of theft by computer result from preparation of false input data.  Have an outside consultant review your input controls and strengthen them if needed.

As the tool of a crime, someone would use your computer to gain access to or alter the data stored on another computer.  In one common mode of attack a hacker would send a “spear phishing” e-mail to employees who have access to the business’ bank accounts.  The e-mail would contain an infected file or a link to a malicious website.  If an employee opens the attachment or goes to the website, malware that gives the hacker access bank account log-ins and passwords would be installed on the computer.  The hacker would then have electronic payments made to accounts from which the money would be withdrawn.

As the object of a crime, computers and system components can be stolen, sabotaged, or destroyed.  Software can be pirated.  More importantly, trade secrets and sensitive business information stored in computers can be lost when computers stolen.

Your computers and computer information should be protected as any valuable business asset.  Stay informed and use new computer security devices and information.  The tips here will help prevent computer crimes.

Physical Protective Measures

  • Install surface locks, cable‑locking devices, and fiber-optic loops prevent equipment theft.
  • Install computers on shelves that can be rolled into lockable furniture when employees leave their work areas.
  • Locate the computer room and data storage library away from outside windows and walls to prevent damage from external events.
  • Install strong doors and locks to the computer room to prevent equipment theft and tampering.
  • Reinforce interior walls to prevent break-ins.  Extend interior walls to the true ceiling.
  • Restrict access to computer facilities to authorized personnel.  Require personnel to wear distinct, color-coded security badges in the computer center.  Allow access through a single entrance.  Other doors should be alarmed and used only as emergency exits.

Procedural and Operational Protective Measures

  • Classify information into categories based on importance and confidentiality.  Use labels such as “Confidential” and “Sensitive.”  Identify software, programs, and data files that need special access controls.
  • Install software access control mechanisms.  Require a unique, verifiable form of identification, such as a user code, or secret password for each user.  Install special access controls, such as a call‑back procedure, if you allow access through a dial‑telephone line connection.
  • Encrypt confidential data stored in computers or transmitted over communication networks.  Use National Institute of Standards and Technology (NIST) data encryption standards.
  • Design audit trails into your computer applications.  Log all access to computer resources with unique user identification.  Separate the duties of systems programmers, application programmers, and computer programmers.
  • Establish procedures for recovering your operating system if it is destroyed.  Store all back‑up data offsite. Make regular back‑ups to aid in recovery.
  • Review automated audit information and control reports to determine if there have been repeated, unsuccessful attempts to log‑on both from within and outside your facility.  Look for unauthorized changes to programs and data files periodically.

Personnel Policies

  • Monitor activities of employees who handle sensitive or confidential data.  Watch for employees who work abnormally long hours, or who refuse to take time off.  Many computer crime schemes require regular, periodic manipulation to avoid detection.  Be aware of employees who collect material not necessary to their jobs, such as programming manuals, printouts for data, programs and software manuals.
  • Change security password codes to block further access by employees who leave or are fired.  The latter become a high risk to your company for revenge or theft.
  • Establish rules for computer use by employees, including removal of disks or printed output.  All employees should sign and date a printed copy of these rules to indicate that he/she understands them. 
  • Train your employees to counter phishing by: (1) not opening any e-mail from an unknown sender, (2) not opening any unexpected e-mail attachments, and (3) not clicking on any website addresses in e-mails even if they look real.

Special Measures for Laptops

Special security measures are needed for laptops to reduce the threat from determined thieves.

  • Issue desktops instead of laptops to employees who seldom leave their offices.
  • Have employees lock up their laptops when they are left unattended in their offices. Never leave laptops unguarded.
  • Have employees carry their laptops in a sports bag or briefcase instead of the manufacturer’s bag.
  • Do not leave laptops in vehicles.
  • Determine if employees need all the data on their laptops to perform their jobs. Remove any data that is not needed.
  • Train employees in the need for special measures to protect laptops and their data wherever they may be used.
  • Create a loss response team to monitor compliance with laptop and data security measures, investigate losses, assess data needs, and remove data no longer needed.
  • Protect data with strong passwords.

Anti-Virus and Malware Protection

The following measures can help protect your computer from viruses and malware:

  • Keep your computer up to date with the latest firewalls, and anti-virus and anti-spyware software. The latter counters programs that secretly record what you type and send the information to the thieves. They are often installed when you visit websites from links in e-mail. Use security software that updates automatically. Visit www.OnGuardOnline.gov for more information.
  • Do not buy “anti-spyware” software in response to unexpected pop-ups or e-mails, especially ones that claim to have scanned your computer and detected malicious software.
  • Do not respond in any way to a telephone or e-mail warning that your computer has a virus even if it appears to come from an anti-virus software provider like Microsoft, Norton, or McAfee. “Helpful hackers” use this ploy to get you to download their software to fix the virus or sell you computer monitoring or security services to give them remote access to your computer so they can steal your passwords, online accounts, and other personal information. If you already have anti-virus software on your computer you’ll receive a security update or warning directly on your computer.
  • Use the latest versions of Internet browsers, e.g., Microsoft Internet Explorer 8, which is designed to prevent phishing attacks. Use Explorer in the “protected mode,” which restricts the installation of files without the user’s consent, and set the “Internet zone security” to high. That disables some of Explorer’s less-secure features. And set your operating system and browser software to automatically download and install security patches.
  • Don't install files or programs from CDs or flash drives before checking them for viruses.
  • Scan demo disks from vendors, shareware, or freeware sources for viruses.
  • Restrict use of electronic bulletin boards.
  • Scan downloaded files for viruses. Avoid downloading executable files.

Protecting Bank Accounts

  • Set up dual controls so that each transaction requires the approval of two people.
  • Establish a daily limit on how much money can be transferred out of your account.
  • Require all transfers be prescheduled by phone or confirmed by a phone call or text message.
  • Require that all new payees be verified.
  • Check bank balances and scheduled payments at the end of every workday, rather than at the beginning, and contact the bank immediately if anything is amiss. Timely action can halt the completion of a fraudulent transaction because transfers usually aren’t made until the next morning.
  • Inquire about your bank’s defenses against cyberattacks and review the terms of your banking agreement with regard to responsibilities for fraud losses. Shop around for banks that provide better protections.

Other Measures

  • Consider joining the FBI’s InfraGard, a partnership with the private sector with the goal of promoting an ongoing dialogue and timely communications between its members and the FBI. Its members gain access to information that enables them to protect their assets from cyber crimes and other threats by sharing information and intelligence.
  • If you become a victim of Internet fraud or receive any suspicious e-mails you should file a complaint with the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), at www.ic3.gov. The IC3 website also includes tips to assist you avoiding a variety of Internet frauds.
| Police Department Home Page | Help Us Help You | In Your Neighborhood | Forms | Top of Page |
| Crime Prevention & Education | Crime Statistics/Maps | About SDPD | Join the SDPD |
Site Map Privacy Notice Disclaimers
| Home | Business | City Hall | Community | Departments | Information | Leisure | Services A-Z | Visiting |
| Search | Site Map | Contact the City | Privacy Notice | Disclaimers |