4 Watch for Unusual Activity

Despite those precautions, companies also need to protect against the possibility that those levels of security will be broken. At Sony Pictures Entertainment, right before a big movie release like Spider-Man, the hacks start coming from insiders and outsiders who want to get a pre-released version of the movie or see the stars' salaries. That's where the company's intrusion detection system (IDS) steps in, by watching for unauthorized activity. Employees who poke around for inappropriate information on Sony's network might generate an alert that lands on the desk of Jeff Uslan, director of information protection and security at the Culver City, Calif.-based company. "The system would tell me your machine address and IP address," he says. "You might get a call from myself, saying, 'Is there something I can help you with, because you're trying to get into these files that you shouldn't." The IDS would also help Uslan find out if a hacker had infiltrated Sony's system and was using an employee's credentials or computer to launch an attack.

In addition to an IDS, Oakland, Calif.-based shipping company APL uses a product called Silent Runner, from a company by the same name, to get a visual look at what's happening on the shipping company's network--a high number of FTP downloads, for example, or unusual activity in a department that is going through a painful reorganization, or even e-mails that match keyword searches. "I have a bird's-eye view of what's happening," says Van Nguyen, director of information security. "I don't necessarily look at every single one oft he 11,000 employees, but when I need to I can."

That isn't enough for everyone, of course. Some companies, especially ones that deal with financial transactions or other sensitive information, will have to go to a more extreme route and use more sophisticated monitoring and controls.

5 Know How to Let Go

A little sensitivity when someone leaves the company can go a long way in avoiding retaliation or sabotage. But there are technical details to take careof as well. It can take months for IT departments to painstakingly close the accounts of a former employee. That usually happens because of poor communication with HR or because there are so many different accounts controlled by different systems administrators, which is a major problem not only because employees might attempt to access system resources but also because hackers can take advantage of inactive accounts. "We see a lot of companies that don't have policies to cancel passwords and log-in names when somebody is terminated," says FBI supervisory special agent David Ford, who manages a regional computer crimes office in Atlanta. "You would think that would be the first thing that would happen, but a lot of companies don't take the basic steps you would expect."

Until recently, the New York City-based clothing designer Josephine Chaus was no exception. When Ed Eskew became vice president of IT about three years ago, there was no formal system in place for shutting down accounts of employees who resign or are let go. Now, human resources and IT work together closely--a process that, unfortunately, had to be used when the company recently had layoffs. "The moment a person is called from their desk into HR for termination, our IT people will go to their desk and remove the CPU" and change the password for their voice mail, Eskew says. People who leave the company voluntarily may get an interim password with limited access during their notice period.