More and more small businesses are becoming computerized.
About seven of every 10 small enterprises today rely to a great degree on computers - to keep the books, track inventory, record personnel data and much more.While computers, as the Small Business Computer Security Education and Advisory Council puts it, "increase order, discipline and management control, the machines have brought on a new problem: computer crime."
"In the future," the council says, "almost all non-violent crime against small businesses will be computer-related."
Rep. Ron Wyden, D-Ore., chairman of the House Small Business Regulation and Business Opportunities Subcommittee, has cited surveys showing that American businesses lose between $3 billion and $5 billion annually because of computer fraud.
The computer security council, by the way, was created by Congress four years ago to study the issue of computer crime and loss. It obviously took a long time, even by Washington standards, for the council to study the computer crime issues and come up with a formal report.
Computer crimes include theft of software information, software and hardware damage, alteration of information and theft of services.
A small Minnesota company, for example, was blackmailed by a former computer programmer who had included a secret instruction in a program that could shut down the firm's computer.
A small firm in Des Moines, Iowa, was billed for $30,000 in telephone calls made after its computer access code was circulated on computer bulletin boards by "hackers" accessing different computer systems.
Most small business owners appreciate the value of their computers when it comes to saving time and money. But most owners aren't familiar with the mysteries of computer technology and therefore must rely on the expertise of others.
As a result, many small business owners today are as vulnerable to the possible misdeeds of their computer whizzes as they were in pre-computer days to the misdeeds of bookkeepers who created fake accounts and even signed company checks over to themselves or relatives and friends.
In the old days, bookkeepers sometimes showed their adeptness at rigging accounts and figures. Today's computer experts can find many more sophisticated ways to hide irregularities.
The computer security council says it considers computer crime to include:
- Fraud committed or covered by manipulation or destruction of data.
- Industrial espionage or blackmail by unauthorized theft or disclosure of data.
- Malicious destruction or damage of computer equipment or files.
- Theft or software piracy by employees, ex-employees or contractors.
- Unauthorized use of computer or communications facilities by employees, contractors or outsiders.
- Malicious or playful exposure of internal information to outsiders.
In addition to outright computer crime, small business owners face the problems of computer failure and human error. A power failure, for example, can result in computer shutdown and loss of data - unless backup systems are in place.
Human error can result in mispaid bills, inventory snafus and even loss of data, again unless backup and checkup systems are in place.
Large corporations, which of course are fully computerized today, have created security systems to guard against computer crime and failure.
Most small business owners can't afford precautions. An increasing number of computer vendors now offer, at reasonable cost, encryption capability, access software and audit trail capability for small computer systems. Insurance covering computer crime and failure is generally available, too.
On this overall subject, by the way, the U.S. Small Business Administration is offering free copies of "Small Business Guide to Computer Security." The guide is available from the agency's field offices or by calling 1-800 368-5855.
When Congress created the computer security council in 1984, it also enacted the Counterfeit Access Device and Computer Fraud and Abuse Act.
Despite that long, fancy title, the law has been generally ineffective. Forty-eight states also have some kind of computer crime laws, but they haven't done much to reduce computer crime or convict suspects, either.
Attorneys have had an easy time creating defenses against the loosely-worded statutes, and there still are no hard definitions on what constitutes a computer crime.
Nonetheless, the computer security council in its final report didn't see the need for more legislation. It did recommend that the American Bar Association "collect information about computer crime prosecutions and specifically classify them by types of victims."
The council added that "recommended changes to existing legislation could come as a result of analysis of these data."