Computer security isn't always expensive. Break-ins usually are. Simson Garfinkel, author of Practical UNIX and Internet Security (O'Reilly, 800-998-9938, $39.95), offers the following advice for small-business owners who want simple security on the cheap:

?   Develop a written computer policy for your company. State whether or not employees are allowed to log into the company's system from home. Also, clearly state who is responsible for backing up computer files and whether the company will monitor employees' e-mail.

?   Minimize exposure to the Internet. If you want your company to have access to the Internet but don't want outsiders to have access to your internal information, try "air gapping." Put simply, air gapping means connecting only one computer to the Internet and making sure it's not connected to your internal network. That way, if someone breaks into the connected computer, there's no way to reach your internal system.

?   Back up everything. No security measure can guarantee 100% protection from a break-in or such natural disasters as fire and water damage.

?   Set up internal firewalls. A firewall is software that limits who is allowed into and out of your system. A lot of companies erect only external firewalls because they fail to understand that most computer crimes are inside jobs. Internal firewalls can protect sensitive information from the wrong insiders.