ONCE UPON A TIME, ONLY BIG companies had to worry about computer crime. But times change.

Small companies are increasingly vulnerable to computer criminals, ranging from hackers on an electronic joyride to competitors stealing data. "Small companies are often pushovers," says August Bequai, a Washington, D.C., lawyer specializing in industrial security. "They're concerned with growth and cash flow. They don't understand computer security and don't have money to implement it. They become prime targets."

Spies and hackers gain access to computers through telephone lines linking the computers to the outside world; employees on the road or at home use these lines to connect their terminals to the main computer. But criminals can dial the same lines, then manipulate the password system to gain entry -- often a simple task if employees use predictable passwords. Companies are also vulnerable if they buy used computers that lack state-of-the-art security features.

Many computer crimes go unreported, since small companies can't afford the adverse publicity, cost of litigation, or insurance increases that can come with such cases. "Small businesses do everything they can to hide their vulnerability," says Donn Parker, a senior management consultant with SRI International. "It's much easier to simply forget it."

The criminal code isn't much help. Congress has failed to adopt a statute that covers private-sector computer crime. More than 30 states have passed such laws, but only about 60 cases covered by these statutes have reached the courts.