Help! Somebody Save Our Files!

How to respond: Many viruses can be contained or removed with antivirus software. The Gpcode.ak virus is an exception. However, Kaspersky Lab, which sells antivirus programs, recently released a free program, StopGpcode, that may help you unlock your files without capitulating to the blackmailers.

Preventive measures: Install antivirus software on all company computers and keep the virus definitions up to date. And make sure to back up your data frequently, just in case you need to revert to the last system-restore point before the virus hit. You can also use services like Postini, which, for about $12 per user per year, will remove viruses from e-mails before they reach your inbox. Companies of a certain size can try something called application whitelisting. Programs like Bit9's Parity, which is available for about $30 per computer for a minimum of 100 machines, allow only software approved by the IT department to run on employee computers.

4. System hacks

It's tough to keep up with hackers, because they are constantly finding new ways to infiltrate databases. In January, Davidson Companies, a financial services firm based in Great Falls, Montana, announced that a hacker may have been able to access personal data on its current and former customers. A handful of the estimated 226,000 affected customers have since filed a lawsuit. Davidson Companies would not comment.

Hackers often target financial companies. They also have an eye for e-commerce sites. In January, the Federal Trade Commission announced a settlement with Life Is Good, a Boston-based apparel maker. The agency criticized the company's e-commerce security after a 2006 incident, in which a hacker used an "SQL injection attack" -- an attempt to gain control of the database by typing code into areas like search boxes -- to grab customers' credit card numbers and expiration dates. The terms of the settlement require Life Is Good to beef up security and hire an independent security auditor to evaluate its systems for the next 20 years. The company declined to comment on the settlement, but an FTC representative says the agency learns about the cases it investigates through a variety of sources, including suppliers and customers.

Often companies don't even realize they have been hacked until well after the fact. According to a recent security report by Verizon Business, 70 percent of firms didn't know they had been hacked until someone else -- a customer or a bank -- reported suspicious activity.

How to respond: If you think there has been a breach, take action right away. Davidson Companies immediately took its website offline, hired a security firm to investigate, and contacted the authorities, the credit bureaus, and its customers. You'll need to do the same, and also contact your attorney, if hackers may have gained access to credit card numbers or other sensitive information. It has become the norm to offer customers a year of credit monitoring services, which can cost about $10 a month per customer. Brace for customer defections, lawsuits, and possible fines from the FTC.

Preventive measures: There is no foolproof way to stop all hacks. So make sure your website encrypts your customers' credit card numbers and passwords (as opposed to storing them in a readable text format, which is what Life Is Good did before the attack). That way, even if hackers get in, they won't be able to see the information. And make sure that you apply the latest security patches to your software to protect against known vulnerabilities. One in five hacks exploits a security hole that's been public knowledge for six months or longer. McAfee (NYSE:MFE) offers a service called McAfee Secure, which scans your website daily for known security vulnerabilities. The service starts at about $1,700 to $2,800 a year for sites with fewer than 30,000 daily page views. Sophisticated techies may also be able to create what's known as a honeypot, phony files and decoy servers that are used to trap hackers. It's sort of like leaving a fake pile of gold out in the open -- if anyone tries to take it, you will know the system is under attack.