4. Hire a hacker. That's right. Hire a computer expert to find the flaws in your organization's computer system. They won't damage the system, or steal files. Their job is to show you what's not working so you can fix it.

5. If you sell products on the Internet, fight fraud by requiring customers to tell you where they live. Credit card companies call this "address verification" and it can cut your fraud rate down to next-to-nothing!

6. Check your business site for copyright violations. Do you have pictures of movie stars? Reprints of articles from magazine? Sound clips from your favorite album? You could be liable for a ton of money! Take those offending pieces off your web site now!

7. Create an Internet Access Policy for your employees. If you don't have a policy, you could be liable for their criminal actions on the Internet. If they post libelous information in an e-mail, that could be used as evidence in court! Most people don't realize this and that could cost them big time!

8. Tell your employees not to post company information on newsgroups. You won't believe how much information is leaked by companies on newsgroups. Employees ask questions or answer questions and unknowingly give out hints about your company's new products and marketing strategies!

9. Check out your online image. Are people spreading inaccurate information about your company via the Internet? This has happened to Tommy Hilfiger, Snapple, Nieman Marcus and many other companies. Use search engines to check everything that's being said about your company -- and notify the people when they say misstatements!

10. Beware of offers that sound too good to be true! You won't believe how many shills are on the Internet! They try to get you to buy stocks that are supposed to go up in value, or buy products at prices that are just too unbelievably low. Don't be fooled!

11. Install a site blocker program that prevents employees from wasting time at recreational web sites. Millions of hours are wasted by employees who surf the web on company time to look at sites devoted to stocks, sports, game and pornography. Several programs block these sites from prying eyes.

12. Install a spam filter to weed out unsolicited ads sent by e-mail. Everyone hates spam but no one ever does anything about it! You can use your browser's filter commands to send spam directly to the trash bin. You'll save lots of time by not reading this garbage. And you'll save yourself from being conned by scammers who use spam.

13. Update your browser. Early versions of the major browsers from Netscape and Microsoft have serious bugs that allow criminals to read the information on your hard disk! You can download the latest versions of these programs for free.

14. Protect your good name. Register the domain names for your company, its products and even book titles. So-called "cybersquatters" are trying to register every conceivable name as a domain name and then sell the rights to you! Beat them at their own game by registering these names as soon as you can.

15. Add digital watermarks to your photographic images so you can trace them if pirates steal them and post them on their web sites.

16. Protect your computer from the environment. Power outages, floods, fires and earthquakes can shut down your business. Prevent problems by backing up your data frequently and store the copies at an off-site location. Also, purchase power surge electrical outlets and UPS power strips that keep the power running, even when the electrical system goes to a blackout.

17. Urge employees to log off their computer systems when they leave their desks. This will prevent impersonation scams. Imagine that Veronica leaves her desk and doesn't log off. Her back-stabbing friend Lindy sits down at the computer and send e-mail to the big boss saying he's a "so-and-so jerk." Guess who's name is on the return e-mail address. Veronicas!

18. Verify your large orders and new accounts by phone. Impersonation can be a be big fraud factor. Someone could send you a large order and you ship the goods -- only to find that the person doesn't exist and the company denies ordering the goods. You're left holding the losses.

19. Remove "pirated software" from your computer systems. Pirate software is software that you didn't pay for, but use anyway. This violates the publisher's rights. If the publisher finds out, you can be sued for hundreds of thousands of dollars. You could even be turned in by other employees who are upset with you for one reason or another and want to extract revenge!

20. When you let an employee go, change his password immediately, so he can't damage your files if he is vengeful.

21. State your company's intentions to prosecute fraudulent orders on your website. That might be enough to scare away scamsters.

22. Let employees know that their e-mail is not private. The courts have ruled that employers can read employees' e-mails. This might stop people from writing things that can harm your company, like harassing other employees

23. Don't fill out registration forms at web sites that ask for information you don't want the world to know about. Do you really want to disclose your income just so you can get a free e-mail account in exchange?

24. Don't disclose any personal information or even your e-mail address if the company doesn't tell you what they will do with the information. They might sell your names to mailing list companies. You could find your mailbox flooded with unsolicited commercial messages or spam.

25. Don't respond to spam by asking them to remove you from their list. That puts you on another list of people who read spam!

26. Don't get upset by spam. It isn't worth it. Just hit the "delete" key and move on.

27. Register your domain name in different countries to protect your rights around the world.

28. Don't ever give out your password to anyone you don't know. Online scammers try to pry passwords from you by sending you e-mail claiming to be representatives of your online service provider. Some scammers will even call you on the phone and pretend to be a consultant working for your company!

29. Subscribe to newsletters that monitor online scams so you can be alert to the newest con games. Go to the www.riskybusiness.org site for a list of the best sites and free newsletters.

30. Report scam artists to the Federal Trade Commission or Securities and Exchange Commission. These government agencies treat Internet crimes very seriously and have prosecuted many cases.

"If you take any one step, you'll be ahead of the game," says Janal. "If you do all these measures, you'll build a virtual fortress to protect your company."

THE CYBERTHIEF AND THE SAMURAI By Jeff Goodell 328 pages. Dell. Paper, $5.99.

Tsutomu Shimomura (the computer security expert) is obsessed with Kevin Mitnick (fugitive hacker). John Markoff (New York Times reporter) is obsessed with Mr. Mitnick and Mr. Shimomura. Jonathan Littman (freelance journalist) is obsessed with Mr. Shimomura and Mr. Mitnick and especially Mr. Markoff. On Christmas Day 1994, Mr. Mitnick carries out an electronic commando raid into Mr. Shimomura's computer and makes off with software and a ton of mail. Mr. Shimomura expresses his annoyance by suspending his ski vacation, but only for the few weeks necessary to track Mr. Mitnick down. (Mr. Mitnick has eluded the F.B.I. for years.)

Enter Jeff Goodell, another freelance journalist, who merely wants to cover the story and get the facts straight. But Mr. Shimomura is off skiing on a mountaintop, so Mr. Goodell pursues him through rain, hail, snow, blizzard and whiteout, cornering him at last in an isolated lodge where Mr. Shimomura (who is avoiding the press) is inconspicuous except for the long ponytail and purple Lycra pants. He won't talk. So Mr. Goodell, naturally, buys himself a ski outfit and volunteers to be his student. Mr. Shimomura, it turns out, yearns first and foremost to be a ski instructor. When Mr. Goodell toddles after him onto the slopes, Mr. Shimomura takes pity and grants the interview. Cut.

The result of all this has been three wildly different versions of the same story. ''Takedown,'' by Mr. Shimomura and Mr. Markoff, narrates the several weeks between the Christmas break-in and Mr. Mitnick's capture. It is fascinating on two levels. At its best, the crime story is hypnotic. Reading it is like walking a big city's sidewalks when you notice, suddenly, that you have ventured onto a steel grate and there is a yawning chasm below; underneath the placid, moderately boring surface of the Internet is a world of immense technical complexity inhabited by strange people. On another level, ''Takedown'' is an intriguing self-portrait by Mr. Shimomura. Many people hold the mistaken belief (shored up by the fantastically unimaginative world of the movies) that brilliant scientists and technologists are just like them, only smarter. The reality is more interesting.

There are moments when you wish Mr. Markoff had spent more time reworking Mr. Shimomura's narrative. Like Mr. Shimomura's health food, ''Takedown'' is fresh and appealing but so austere it can get on your nerves. We never learn what anyone looks or sounds like. Sometimes the authors are too rushed even to explain the technology. ''Daemons'' are small programs that perform ''housekeeping tasks'' that ''run in the background.'' Clear? The authors keep mentioning ''Trojans''; to explain ''Trojan horse'' programs would have cost them a few pages and a lot of effort, and would have been well worth it.

But on the whole the authors' strategy -- to let their story and Mr. Shimomura's personality emerge like a ripe tomato with no salad dressing -- works beautifully. Mr. Shimomura brags constantly but with a winning cocker-spaniel innocence, and you wind up liking him despite yourself. He is an unself-consciously kooky, brilliant, fascinating fanatic.

Mr. Littman's ''Fugitive Game'' is less a book than the raw material for a book. When Mr. Mitnick broke into Mr. Shimomura's computer, he was a fugitive, wanted by the F.B.I. on suspicion of criminal hacking and parole violations. Mr. Littman (like Mr. Markoff) had a longstanding journalistic interest in hackers; months before the break-in, he had persuaded Mr. Mitnick to start phoning him from unknown locations and ramble on about his life and work. The two remained in contact up through the week of Mr. Mitnick's capture.

Where ''Takedown'' is ruthlessly focused, Mr. Littman is diffuse. He marshals long transcripts of dozens of phone conversations, scrapbooklike excerpts from newspaper pieces. But we learn far more about Mr. Mitnick and outlaw hacking in ''The Fugitive Game'' than we do in ''Takedown,'' and Mr. Littman supplies the ambiance that ''Takedown'' leaves out. ''He sounds a decade younger than his 30 years,'' we learn of Mr. Mitnick. ''Animated, intensely emotional, naive, trusting, human, and nearly always on the verge of raucous laughter.''

Mr. Littman is jealous of Mr. Shimomura and Mr. Markoff's movie deal, not to mention their $750,000 advance; who can blame him? But a resourceful Broadway producer would have no trouble turning this histrionic, engrossing account into a one-man play.

Straggling behind in his dinky Dell paperback, Mr. Goodell is bound to be taken for an also-ran. His book lacks the passion of the other two. But he tells the straightest story, and he is the only one here with a reliable sense of humor (except for Mr. Mitnick). He rounds out Mr. Shimomura's self-portrait with good reporting.

The books complement each other, but Mr. Littman has a powerful gripe with Mr. Shimomura and Mr. Markoff, and Mr. Goodell makes some of the same accusations in a lower-key way. There are two big charges, of which one sticks -- but only in part. Mr. Littman convinces us that Mr. Shimomura and Mr. Markoff (and the F.B.I. and the rest of the press) have made Mr. Mitnick out to be more evil than he really is and overstated the damage he has done. But Mr. Littman is game enough, nonetheless, to allow Mr. Mitnick to convict himself in his own words. ''I'm the type who's a master safe cracker.

I'd read your will, your diary, put it back.'' Mr. Mitnick wants us to understand that he is just playing, not stealing; but that is a sort of game no sane person would tolerate. ''I have the capability,'' he confides, ''to wreak havoc.'' Mr. Littman convinces us that, in the event, he wreaked relatively little; but that's not the point.

Mr. Littman suggests also that Mr. Markoff hyped the story in The New York Times to build interest in the book that (as Mr. Goodell puts it) ''everyone knew he would end up writing about this.'' But to accuse a successful reporter of hyping some story to sell a book is like accusing a locomotive of being heavy so it can squish the pennies children leave on the track. Subtract the book and what changes? Mr. Littman is shocked at how Mr. Markoff manages to put stories about Mr. Mitnick on the front page even when there is no ''breaking news'' to report. But The Times has been running features on its front page for well over a decade. So what else is new? Mr. Markoff, Mr. Littman notes, called Mr. Shimomura ''a brilliant cyber sleuth'' with ''an uncanny ability to solve complex technical problems,'' then went and signed him as a co-author. O.K., strike ''brilliant.'' Would you be happy with ''really, really bright''?

CRIME

Whoever having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it shall be punished.

A fine or imprisonment for not more than ten years, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than twenty years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

18 U.S.C. §1030 (a)(2)(A) (1999)

CRIME

Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) shall be punished.

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than five years, or both, in the case of an offense if:

1. the offense was committed for purposes of commercial advantage or private financial gain;
2. the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
3. the value of the information obtained exceeds $5,000;

Justin Petersen pled guilty to count one of an eight-count indictment for computer fraud in violation of 18 U.S.C. S 1030(a)(2). The indictment charged that between February 11, 1991 and April 21, 1991, he gained unauthorized access to computers of TRW Information Services, a consumer credit reporting agency. The evidence at sentencing showed that Petersen, then in Texas, engaged in credit card fraud by selecting names from the telephone book and hacking into credit reporting services to obtain information which he used to order fraudulent credit cards. He then made charges on the fraudulent credit cards.

Phiber Optik case.

John Lee case.

Kevin Poulsen case.

18 U.S.C. §1030 (a)(2)(B) (1999)

CRIME

Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any department or agency of the United States shall be punished.

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than five years, or both, in the case of an offense if:

1. the offense was committed for purposes of commercial advantage or private financial gain;
2. the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
3. the value of the information obtained exceeds $5,000;

18 U.S.C. §1030 (a)(2)(C) (1999)

CRIME

Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication shall be punished.

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than five years, or both, in the case of an offense if:

1. the offense was committed for purposes of commercial advantage or private financial gain;
2. the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
3. the value of the information obtained exceeds $5,000;

18 U.S.C. §1030 (a)(3) (1999)

CRIME

Whoever intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States shall be punished.

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

18 U.S.C. §1030 (a)(4) (1999)

CRIME

Whoever knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period shall be punished.

A fine or imprisonment for not more than five years, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

Justin Petersen gained unauthorized access to the computers of Pacific Bell to facilitate intercepting and seizing the telephone lines of radio station KPWR FM. Petersen's confederates Kevin Lee Poulsen and Ronald Mark Austin had discovered a computer program which could be manipulated to "rig" radio station promotional contests by seizing control of the telephone lines leading to the radio station to ensure that they were the correct caller to win various prizes. They advised Petersen of this scheme, and Petersen used the information to call the radio station and "win" a $10,000 cash prize. Poulsen and Austin "won" at least two Porsche automobiles, a $20,000 cash prize, a $10,000 cash prize, and two trips to Hawaii.

Kevin Mitnick case.

18 U.S.C. §1030 (a)(5)(A) (1999)

CRIME

Whoever knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer shall be punished.

A fine or imprisonment for not more than five years, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

Kevin Mitnick case.

Robert Morris case.

18 U.S.C. §1030 (a)(5)(B) (1999)

CRIME

Whoever intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage shall be punished.

A fine or imprisonment for not more than five years, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

Kevin Mitnick case.

18 U.S.C. §1030 (a)(5)(C) (1999)

CRIME

Whoever intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage shall be punished.

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

Kevin Mitnick case.

18 U.S.C. §1030 (a)(6) (1999)

CRIME

Whoever knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if:

1. such trafficking affects interstate or foreign commerce; or
2. such computer is used by or for the Government of the United States

A fine or imprisonment for not more than one year, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

United States of America v. Robert J. Riggs/Knight Lightning

18 U.S.C. §1030 (a)(7) (1999)

CRIME

Whoever with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer shall be punished.

A fine or imprisonment for not more than five years, or both, which does not occur after a conviction for another offense under this section, or an attempt to commit this offense.

A fine under this title or imprisonment for not more than ten years, or both, which occurs after a conviction for another offense under this section, or an attempt to commit this offense.

Computer means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device.

Protected computer means a computer:

1. exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
2. which is used in interstate or foreign commerce or communication.

Exceeds authorized access means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.

1. causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;
2. modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals;
3. causes physical injury to any person; or
4. threatens public health or safety