Computers are being used extensively in Industry, Business, by Public authorities, Scientists and Technologists to process and store vital information and data. While their versatility is a great boon, they are also easy victims to the manipulations of criminals with technical expertise. In advanced countries, computer criminals have stolen vast sums from banks; used confidential information available with public authorities, banks and hospitals to blackmail and extort money from people; and assisted unscrupulous business competitors to steal information about processes, fomulae, know-how, marketing and manufacturing plans, etc. from rivals. The need to create an awareness among computer users to take preventive measures to protect the information stored in computers cannot be over emphasised.

Experts on white collar crime aver that the chances of a computer crime being detected is one in ten thousand. It is also easy for the computer criminal to commit the crime without leaving any tell tale traces, which makes the investigation and subsequent prosecution extremely difficult. Majority of the computer crimes can be prevented if a well structured crime prevention strategy is adopted.

Firstly, executives should realise that proliferation of information technology also creates alongside myriad opportunities for crime. Therefore, while installing computer systems and network, care should be taken to evolve security systems for their protection. Executives by keeping their eyes and ears open, can easily discern signals of wrong doing in the organisation’s computer system.

Common modus operandi are :

1. Some of the employees consistently coming early and leaving late and handling computer systems with no visible results from their extra hours of work;
2. Disgruntled and recently discharged employees frequenting computer centre during lean hours;
3. Employees handling sensitive information bringing in their personal computers and floppies under the pretext of coping with extra work;
4. Employees transferred out of the area coming back seeking information about new pass words and codes;
5. Sudden spurt in Data Processing activities calling for excessive indents of computer consumables while there had been no ostensible increase in the activities of the organisation. All these are to be probed diligently and methodically. Preventive measures can be classified into administrative, organisational and physical controls.

• Establishment of organisational policies and procedures which clearly spell out the expectations from employees utilising computer resources;
• Appointment of a computer coordinator for different groups of users;
• Prescribing standards for procurement, distribution, storage of computers and peripherals;
• Control over movement of computer resources within the organisation; Proper inventory control of Hardware and Software;
• Prevention and prohibition of copying of data, software etc.;
• Prohibition of use of organisational resources at home; and finally
• Strict security measures to safeguard hardware and software after and before regular office hours.

Organisational controls would include:-

• Proper screening of Employees who will work with sensitive data before deployment;
• Systematic briefing of all personnel about safeguards to be taken and advising them of their responsibilities;
• Sensitising employees to the legal implications of Copy Rights Act; Patents Act and Intellectual Property Protection Convention etc.; and
• Debriefing employees leaving the organisation, lest they may inadvertently commit acts which may lead to industrial espionage.

• Access control to the computer centre;
• Differential access to data and encryption devices on Need to Know and Need to Have basis;
• Control over individual pass-words; and
• Control over access to directories.

The information and data stored in computer based systems may become unavailable due to damage through natural causes, arson, mischief, vandalism and a host of other causes. Prudence dictates that vital information should be duplicated and stored in a different location securely and should be available for use in an emergency. Disaster Management plans should include -

• Fire proof storage of hard and software;
• Detailed recovery procedures;
• Educating main users about action to be taken in an emergency to save the stored information.