How to respond: Your response depends on what you have done up front. For about $40 and up per laptop per year, services such as MyLaptopGPS and Absolute Software's Computrace LoJack for Laptops may be able to get the computer back. If you have installed one of these programs, the stolen machine will report its location to the authorities as soon as the thief connects to the Internet. Some services let you remotely wipe all data from the hard drive or will even covertly download files from the stolen laptop for you. If you don't have a tracing program, the best you can do is report the serial number to the police and the manufacturer and hope it winds up at a repair shop.
Preventive measures: In addition to installing tracing software, make sure to encrypt the hard drive. "If the data's encrypted, thieves can't use it, and you'll save yourself notice costs and bad public relations," says Randy Gainer, who deals with many privacy and security cases as a partner in Davis Wright Tremaine, a Seattle law firm. The enterprise edition of the Windows Vista operating system has an encryption feature, BitLocker, built in. Other encryption programs, such as PGP Whole Disk Encryption or Veridis' FileCrypt, can run about $50 to $120 per computer. Other tips: Record your laptops' serial numbers in a handy place. And advise employees to treat a laptop like a wallet. You wouldn't leave your wallet in the car, and you shouldn't leave your laptop there, either.
How to respond: If your IT team can't bring your computer back to life, the only option is to send the drive to a data recovery service, which can charge anywhere from several hundred to several thousand dollars to rescue your files. The services aren't always successful.
Preventive measures: Back up your hard drive often, and use online services such as Mozy, iBackup, or EVault, which charge monthly fees of about $10 and up per employee. That way, even if a fire or flood ravages your server room, the data will be fine. You could also swap your current hard drive for a system that uses two drives to store two sets of your data, otherwise known as a RAID. So if one of the hard drives were to fail, you would still have the other.
How to respond: Many viruses can be contained or removed with antivirus software. The Gpcode.ak virus is an exception. However, Kaspersky Lab, which sells antivirus programs, recently released a free program, StopGpcode, that may help you unlock your files without capitulating to the blackmailers.
Preventive measures: Install antivirus software on all company computers and keep the virus definitions up to date. And make sure to back up your data frequently, just in case you need to revert to the last system-restore point before the virus hit. You can also use services like Postini, which, for about $12 per user per year, will remove viruses from e-mails before they reach your inbox. Companies of a certain size can try something called application whitelisting. Programs like Bit9's Parity, which is available for about $30 per computer for a minimum of 100 machines, allow only software approved by the IT department to run on employee computers.
How to respond: If you think there has been a breach, take action right away. Consider taking your website offline, hiring a security firm to investigate, and contacting the authorities, the credit bureaus, and your customers. You'll need to do the same, and also contact your attorney, if hackers may have gained access to credit card numbers or other sensitive information. It has become the norm to offer customers a year of credit monitoring services, which can cost about $10 a month per customer. Brace for customer defections, lawsuits, and possible fines from the FTC.
Preventive measures: There is no foolproof way to stop all hacks. So make sure your website encrypts your customers' credit card numbers and passwords (as opposed to storing them in a readable text format). That way, even if hackers get in, they won't be able to see the information. And make sure that you apply the latest security patches to your software to protect against known vulnerabilities. One in five hacks exploits a security hole that's been public knowledge for six months or longer. McAfee offers a service called McAfee Secure, which scans your website daily for known security vulnerabilities. The service starts at about $1,700 to $2,800 a year for sites with fewer than 30,000 daily page views. Sophisticated techies may also be able to create what's known as a honeypot, phony files and decoy servers that are used to trap hackers. It's sort of like leaving a fake pile of gold out in the open -- if anyone tries to take it, you will know the system is under attack.
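The honeypot idea above can be as simple as a decoy file that nothing legitimate ever links to. As an added example (not from the original article), this Python script scans web server access-log lines for requests to such decoys and groups them by client address; the decoy paths, log lines, and IP addresses are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Hypothetical decoy paths (lowercase): no real page links to them, so any hit is suspect.
DECOY_PATHS = {"/backup/customers-2008.sql", "/admin/old/passwords.txt"}

# Common/combined access-log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %-escapes, collapse ./.. and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def decoy_hits(lines, decoys=DECOY_PATHS):
    """Return {client_ip: [(time, method, path, status), ...]} for decoy requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the monitor
        path = normalise(m["target"])
        if path in decoys:
            hits[m["ip"]].append((m["time"], m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Aug/2008:10:01:02 -0700] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Aug/2008:10:04:40 -0700] "GET /backup/customers-2008.sql HTTP/1.1" 200 88',
    '203.0.113.9 - - [12/Aug/2008:10:04:55 -0700] "GET /admin/./old/Passwords.txt?x=1 HTTP/1.1" 200 64',
    '198.51.100.7 - - [12/Aug/2008:10:05:10 -0700] "GET /products?id=3 HTTP/1.1" 200 2048',
    'garbled line with no structure',
]

if __name__ == "__main__":
    for ip, events in decoy_hits(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(events)} decoy request(s)")
        for when, method, path, status in events:
            print(f"  {when} {method} {path} -> {status}")
```

The decoy files should contain only fake data, since the alert fires after the file has already been requested.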