Consult with your legal counsel to determine legal options and liability in the event of a security incident.

Consult with your insurance carrier to determine if your insurance covers losses from break-ins. Determine if your insurance covers business interruption during an investigation. Also determine if you will be required to institute criminal or civil action to recover on your insurance.

Replace any “welcome” messages with warnings against unauthorized use.

Put explicit copyright and/or proprietary property notices in code startup screens and source code. Formally register copyrights on your locally developed code and databases.

Keep your backups separate from your machine.

Keep written records of your actions when investigating an incident. Timestamp and initial media, printouts, and other materials as you proceed.

Develop contingency plans and response plans in advance.

Define, in writing, levels of user access and responsibility. Inform your users what you may monitor. Have all users provide a signature noting their understanding of and agreement to such a statement. Include an explicit statement about the return of manuals, printouts, and other information upon user departure.

Develop contacts with your local law enforcement personnel.

Do not be unduly hesitant about reporting a computer crime and involving law enforcement personnel.

If called upon to help in an investigation, request a signed statement by a judge requesting (or directing) your “expert” ...